Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe

Overview

General Information

Sample name:173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
Analysis ID:1566420
MD5:031d9c09391de9e9530f989651b1a078
SHA1:683407bdefafb4fdaffe8e8d176806467e3c094f
SHA256:d3dd75c3a7d6e7107f34aee8090dfe4270b556b03331308c3aab5307a99c7c30
Tags:base64-decodedexeuser-abuse_ch
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
One or more processes crash
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2e203:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x162b2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2e403:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x164b2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeAvira: detected
      Multi AV Scanner detection for submitted file
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeReversingLabs: Detection: 63%
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeJoe Sandbox ML: detected
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.000000000139E000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1676281033.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1678293898.000000000104B000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.000000000139E000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1676281033.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1678293898.000000000104B000.00000004.00000020.00020000.00000000.sdmp
      Source: Amcache.hve.2.drString found in binary or memory: http://upx.sf.net

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00421978 NtProtectVirtualMemory,NtProtectVirtualMemory,0_2_00421978
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0044C4A3 NtClose,0_2_0044C4A3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01272DF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01274340 NtSetContextThread,0_2_01274340
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01274650 NtSuspendThread,0_2_01274650
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272B60 NtClose,0_2_01272B60
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272BA0 NtEnumerateValueKey,0_2_01272BA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272B80 NtQueryInformationFile,0_2_01272B80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272BE0 NtQueryValueKey,0_2_01272BE0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272BF0 NtAllocateVirtualMemory,0_2_01272BF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272AB0 NtWaitForSingleObject,0_2_01272AB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272AF0 NtWriteFile,0_2_01272AF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272AD0 NtReadFile,0_2_01272AD0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272D30 NtUnmapViewOfSection,0_2_01272D30
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272D00 NtSetInformationFile,0_2_01272D00
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272D10 NtMapViewOfSection,0_2_01272D10
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272DB0 NtEnumerateKey,0_2_01272DB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272DD0 NtDelayExecution,0_2_01272DD0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272C00 NtQueryInformationProcess,0_2_01272C00
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272C60 NtCreateKey,0_2_01272C60
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272C70 NtFreeVirtualMemory,0_2_01272C70
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272CA0 NtQueryInformationToken,0_2_01272CA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272CF0 NtOpenProcess,0_2_01272CF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272CC0 NtQueryVirtualMemory,0_2_01272CC0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272F30 NtCreateSection,0_2_01272F30
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272F60 NtCreateProcessEx,0_2_01272F60
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272FA0 NtQuerySection,0_2_01272FA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272FB0 NtResumeThread,0_2_01272FB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272F90 NtProtectVirtualMemory,0_2_01272F90
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272FE0 NtCreateFile,0_2_01272FE0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272E30 NtWriteVirtualMemory,0_2_01272E30
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272EA0 NtAdjustPrivilegesToken,0_2_01272EA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272E80 NtReadVirtualMemory,0_2_01272E80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272EE0 NtQueueApcThread,0_2_01272EE0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01273010 NtOpenDirectoryObject,0_2_01273010
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01273090 NtSetValueKey,0_2_01273090
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012735C0 NtCreateMutant,0_2_012735C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012739B0 NtGetContextThread,0_2_012739B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01273D10 NtOpenProcessToken,0_2_01273D10
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01273D70 NtOpenThread,0_2_01273D70
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004219780_2_00421978
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004230600_2_00423060
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004211F00_2_004211F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0044EAF30_2_0044EAF3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042239E0_2_0042239E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004223A00_2_004223A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042FC6A0_2_0042FC6A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042FC730_2_0042FC73
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00422C110_2_00422C11
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004366230_2_00436623
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004366220_2_00436622
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042FE930_2_0042FE93
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042DF130_2_0042DF13
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004227C00_2_004227C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004227BC0_2_004227BC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012301000_2_01230100
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DA1180_2_012DA118
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C81580_2_012C8158
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F41A20_2_012F41A2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013001AA0_2_013001AA
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F81CC0_2_012F81CC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D20000_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FA3520_2_012FA352
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E3F00_2_0124E3F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013003E60_2_013003E6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E02740_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C02C00_2_012C02C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012405350_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013005910_2_01300591
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E44200_2_012E4420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F24460_2_012F2446
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EE4F60_2_012EE4F6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012407700_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012647500_2_01264750
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123C7C00_2_0123C7C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125C6E00_2_0125C6E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012569620_2_01256962
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A00_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0130A9A60_2_0130A9A6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124A8400_2_0124A840
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012428400_2_01242840
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012268B80_2_012268B8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E8F00_2_0126E8F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FAB400_2_012FAB40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F6BD70_2_012F6BD7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA800_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124AD000_2_0124AD00
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DCD1F0_2_012DCD1F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01258DBF0_2_01258DBF
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123ADE00_2_0123ADE0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240C000_2_01240C00
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0CB50_2_012E0CB5
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230CF20_2_01230CF2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01282F280_2_01282F28
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01260F300_2_01260F30
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E2F300_2_012E2F30
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B4F400_2_012B4F40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BEFA00_2_012BEFA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01232FC80_2_01232FC8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FEE260_2_012FEE26
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240E590_2_01240E59
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252E900_2_01252E90
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FCE930_2_012FCE93
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FEEDB0_2_012FEEDB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127516C0_2_0127516C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122F1720_2_0122F172
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0130B16B0_2_0130B16B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124B1B00_2_0124B1B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F70E90_2_012F70E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FF0E00_2_012FF0E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EF0CC0_2_012EF0CC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012470C00_2_012470C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F132D0_2_012F132D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122D34C0_2_0122D34C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0128739A0_2_0128739A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012452A00_2_012452A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E12ED0_2_012E12ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125B2C00_2_0125B2C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F75710_2_012F7571
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DD5B00_2_012DD5B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013095C30_2_013095C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FF43F0_2_012FF43F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012314600_2_01231460
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FF7B00_2_012FF7B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012856300_2_01285630
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F16CC0_2_012F16CC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D59100_2_012D5910
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012499500_2_01249950
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125B9500_2_0125B950
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AD8000_2_012AD800
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012438E00_2_012438E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FFB760_2_012FFB76
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125FB800_2_0125FB80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B5BF00_2_012B5BF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127DBF90_2_0127DBF9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B3A6C0_2_012B3A6C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FFA490_2_012FFA49
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F7A460_2_012F7A46
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DDAAC0_2_012DDAAC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01285AA00_2_01285AA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E1AA30_2_012E1AA3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EDAC60_2_012EDAC6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F7D730_2_012F7D73
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01243D400_2_01243D40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F1D5A0_2_012F1D5A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125FDC00_2_0125FDC0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B9C320_2_012B9C32
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FFCF20_2_012FFCF2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FFF090_2_012FFF09
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FFFB10_2_012FFFB1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01241F920_2_01241F92
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01203FD20_2_01203FD2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01203FD50_2_01203FD5
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01249EB00_2_01249EB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: String function: 012BF290 appears 105 times
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: String function: 012AEA12 appears 86 times
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: String function: 0122B970 appears 265 times
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: String function: 01275130 appears 58 times
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: String function: 01287E54 appears 108 times
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 228
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: No import functions for PE file found
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.000000000132D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1676281033.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1678293898.0000000001178000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: Section .text
      Source: classification engineClassification label: mal80.troj.winEXE@2/5@0/0
      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7320
      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\1c7ebd0f-41f3-4238-a3db-afc200940dcdJump to behavior
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeReversingLabs: Detection: 63%
      Source: unknownProcess created: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe "C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe"
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 228
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeSection loaded: apphelp.dllJump to behavior
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.000000000139E000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1676281033.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1678293898.000000000104B000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.000000000139E000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1676281033.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe, 00000000.00000003.1678293898.000000000104B000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0043606E push es; retf 0_2_0043606F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0043E922 push es; retf 0_2_0043E926
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004232D0 push eax; ret 0_2_004232D2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00421BD8 pushad ; ret 0_2_00421BDC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_004363F3 push edi; retf 0_2_004364AE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00436393 push cs; iretd 0_2_004363C4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00436390 push cs; iretd 0_2_004363C4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00435B95 push esp; retf 0_2_00435B96
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00424C4C push ebx; retf 0_2_00424CDD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00436453 push edi; retf 0_2_004364AE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00424C65 push ebx; retf 0_2_00424CDD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00436438 push edi; retf 0_2_004364AE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00435DE1 push 8F76B6C4h; iretd 0_2_00435DE6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00434616 push ebp; ret 0_2_00434631
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00434623 push ebp; ret 0_2_00434631
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_00438E31 push FFFFFFF1h; ret 0_2_00438E3C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0043E6A0 pushfd ; ret 0_2_0043E6C7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0043EF53 push edi; retf 0_2_0043EF5F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0042CFAF push esp; retf 0_2_0042CFB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0120225F pushad ; ret 0_2_012027F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012027FA pushad ; ret 0_2_012027F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012309AD push ecx; mov dword ptr [esp], ecx0_2_012309B6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0120283D push eax; iretd 0_2_01202858
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0120135E push eax; iretd 0_2_01201369
      Source: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeStatic PE information: section name: .text entropy: 7.995097609998807
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127096E rdtsc 0_2_0127096E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeAPI coverage: 0.3 %
      Source: Amcache.hve.2.drBinary or memory string: VMware
      Source: Amcache.hve.2.drBinary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.2.drBinary or memory string: vmci.syshbin
      Source: Amcache.hve.2.drBinary or memory string: VMware, Inc.
      Source: Amcache.hve.2.drBinary or memory string: VMware20,1hbin@
      Source: Amcache.hve.2.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.2.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.2.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.2.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.2.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.2.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.2.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.2.drBinary or memory string: vmci.sys
      Source: Amcache.hve.2.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
      Source: Amcache.hve.2.drBinary or memory string: vmci.syshbin`
      Source: Amcache.hve.2.drBinary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.2.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.2.drBinary or memory string: VMware20,1
      Source: Amcache.hve.2.drBinary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.2.drBinary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.2.drBinary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.2.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.2.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.2.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.2.drBinary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.2.drBinary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.2.drBinary or memory string: VMware Virtual RAM
      Source: Amcache.hve.2.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.2.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127096E rdtsc 0_2_0127096E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01272DF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01260124 mov eax, dword ptr fs:[00000030h]0_2_01260124
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov ecx, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov ecx, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov ecx, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov eax, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE10E mov ecx, dword ptr fs:[00000030h]0_2_012DE10E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DA118 mov ecx, dword ptr fs:[00000030h]0_2_012DA118
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DA118 mov eax, dword ptr fs:[00000030h]0_2_012DA118
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DA118 mov eax, dword ptr fs:[00000030h]0_2_012DA118
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DA118 mov eax, dword ptr fs:[00000030h]0_2_012DA118
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F0115 mov eax, dword ptr fs:[00000030h]0_2_012F0115
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304164 mov eax, dword ptr fs:[00000030h]0_2_01304164
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304164 mov eax, dword ptr fs:[00000030h]0_2_01304164
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C4144 mov eax, dword ptr fs:[00000030h]0_2_012C4144
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C4144 mov eax, dword ptr fs:[00000030h]0_2_012C4144
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C4144 mov ecx, dword ptr fs:[00000030h]0_2_012C4144
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C4144 mov eax, dword ptr fs:[00000030h]0_2_012C4144
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C4144 mov eax, dword ptr fs:[00000030h]0_2_012C4144
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122C156 mov eax, dword ptr fs:[00000030h]0_2_0122C156
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C8158 mov eax, dword ptr fs:[00000030h]0_2_012C8158
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236154 mov eax, dword ptr fs:[00000030h]0_2_01236154
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236154 mov eax, dword ptr fs:[00000030h]0_2_01236154
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01270185 mov eax, dword ptr fs:[00000030h]0_2_01270185
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EC188 mov eax, dword ptr fs:[00000030h]0_2_012EC188
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EC188 mov eax, dword ptr fs:[00000030h]0_2_012EC188
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D4180 mov eax, dword ptr fs:[00000030h]0_2_012D4180
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D4180 mov eax, dword ptr fs:[00000030h]0_2_012D4180
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B019F mov eax, dword ptr fs:[00000030h]0_2_012B019F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B019F mov eax, dword ptr fs:[00000030h]0_2_012B019F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B019F mov eax, dword ptr fs:[00000030h]0_2_012B019F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B019F mov eax, dword ptr fs:[00000030h]0_2_012B019F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A197 mov eax, dword ptr fs:[00000030h]0_2_0122A197
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A197 mov eax, dword ptr fs:[00000030h]0_2_0122A197
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A197 mov eax, dword ptr fs:[00000030h]0_2_0122A197
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013061E5 mov eax, dword ptr fs:[00000030h]0_2_013061E5
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012601F8 mov eax, dword ptr fs:[00000030h]0_2_012601F8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F61C3 mov eax, dword ptr fs:[00000030h]0_2_012F61C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F61C3 mov eax, dword ptr fs:[00000030h]0_2_012F61C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE1D0 mov eax, dword ptr fs:[00000030h]0_2_012AE1D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE1D0 mov eax, dword ptr fs:[00000030h]0_2_012AE1D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE1D0 mov ecx, dword ptr fs:[00000030h]0_2_012AE1D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE1D0 mov eax, dword ptr fs:[00000030h]0_2_012AE1D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE1D0 mov eax, dword ptr fs:[00000030h]0_2_012AE1D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A020 mov eax, dword ptr fs:[00000030h]0_2_0122A020
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122C020 mov eax, dword ptr fs:[00000030h]0_2_0122C020
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6030 mov eax, dword ptr fs:[00000030h]0_2_012C6030
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B4000 mov ecx, dword ptr fs:[00000030h]0_2_012B4000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D2000 mov eax, dword ptr fs:[00000030h]0_2_012D2000
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E016 mov eax, dword ptr fs:[00000030h]0_2_0124E016
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E016 mov eax, dword ptr fs:[00000030h]0_2_0124E016
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E016 mov eax, dword ptr fs:[00000030h]0_2_0124E016
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E016 mov eax, dword ptr fs:[00000030h]0_2_0124E016
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125C073 mov eax, dword ptr fs:[00000030h]0_2_0125C073
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01232050 mov eax, dword ptr fs:[00000030h]0_2_01232050
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6050 mov eax, dword ptr fs:[00000030h]0_2_012B6050
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012280A0 mov eax, dword ptr fs:[00000030h]0_2_012280A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C80A8 mov eax, dword ptr fs:[00000030h]0_2_012C80A8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F60B8 mov eax, dword ptr fs:[00000030h]0_2_012F60B8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F60B8 mov ecx, dword ptr fs:[00000030h]0_2_012F60B8
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123208A mov eax, dword ptr fs:[00000030h]0_2_0123208A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0122A0E3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012380E9 mov eax, dword ptr fs:[00000030h]0_2_012380E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B60E0 mov eax, dword ptr fs:[00000030h]0_2_012B60E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122C0F0 mov eax, dword ptr fs:[00000030h]0_2_0122C0F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012720F0 mov ecx, dword ptr fs:[00000030h]0_2_012720F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B20DE mov eax, dword ptr fs:[00000030h]0_2_012B20DE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01308324 mov eax, dword ptr fs:[00000030h]0_2_01308324
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01308324 mov ecx, dword ptr fs:[00000030h]0_2_01308324
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01308324 mov eax, dword ptr fs:[00000030h]0_2_01308324
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01308324 mov eax, dword ptr fs:[00000030h]0_2_01308324
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A30B mov eax, dword ptr fs:[00000030h]0_2_0126A30B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A30B mov eax, dword ptr fs:[00000030h]0_2_0126A30B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A30B mov eax, dword ptr fs:[00000030h]0_2_0126A30B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122C310 mov ecx, dword ptr fs:[00000030h]0_2_0122C310
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01250310 mov ecx, dword ptr fs:[00000030h]0_2_01250310
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D437C mov eax, dword ptr fs:[00000030h]0_2_012D437C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B2349 mov eax, dword ptr fs:[00000030h]0_2_012B2349
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov eax, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov eax, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov eax, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov ecx, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov eax, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B035C mov eax, dword ptr fs:[00000030h]0_2_012B035C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FA352 mov eax, dword ptr fs:[00000030h]0_2_012FA352
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D8350 mov ecx, dword ptr fs:[00000030h]0_2_012D8350
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0130634F mov eax, dword ptr fs:[00000030h]0_2_0130634F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E388 mov eax, dword ptr fs:[00000030h]0_2_0122E388
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E388 mov eax, dword ptr fs:[00000030h]0_2_0122E388
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E388 mov eax, dword ptr fs:[00000030h]0_2_0122E388
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125438F mov eax, dword ptr fs:[00000030h]0_2_0125438F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125438F mov eax, dword ptr fs:[00000030h]0_2_0125438F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228397 mov eax, dword ptr fs:[00000030h]0_2_01228397
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228397 mov eax, dword ptr fs:[00000030h]0_2_01228397
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228397 mov eax, dword ptr fs:[00000030h]0_2_01228397
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012403E9 mov eax, dword ptr fs:[00000030h]0_2_012403E9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E3F0 mov eax, dword ptr fs:[00000030h]0_2_0124E3F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E3F0 mov eax, dword ptr fs:[00000030h]0_2_0124E3F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E3F0 mov eax, dword ptr fs:[00000030h]0_2_0124E3F0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012663FF mov eax, dword ptr fs:[00000030h]0_2_012663FF
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EC3CD mov eax, dword ptr fs:[00000030h]0_2_012EC3CD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A3C0 mov eax, dword ptr fs:[00000030h]0_2_0123A3C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012383C0 mov eax, dword ptr fs:[00000030h]0_2_012383C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012383C0 mov eax, dword ptr fs:[00000030h]0_2_012383C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012383C0 mov eax, dword ptr fs:[00000030h]0_2_012383C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012383C0 mov eax, dword ptr fs:[00000030h]0_2_012383C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B63C0 mov eax, dword ptr fs:[00000030h]0_2_012B63C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE3DB mov eax, dword ptr fs:[00000030h]0_2_012DE3DB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE3DB mov eax, dword ptr fs:[00000030h]0_2_012DE3DB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE3DB mov ecx, dword ptr fs:[00000030h]0_2_012DE3DB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DE3DB mov eax, dword ptr fs:[00000030h]0_2_012DE3DB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D43D4 mov eax, dword ptr fs:[00000030h]0_2_012D43D4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D43D4 mov eax, dword ptr fs:[00000030h]0_2_012D43D4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122823B mov eax, dword ptr fs:[00000030h]0_2_0122823B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234260 mov eax, dword ptr fs:[00000030h]0_2_01234260
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234260 mov eax, dword ptr fs:[00000030h]0_2_01234260
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234260 mov eax, dword ptr fs:[00000030h]0_2_01234260
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122826B mov eax, dword ptr fs:[00000030h]0_2_0122826B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E0274 mov eax, dword ptr fs:[00000030h]0_2_012E0274
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B8243 mov eax, dword ptr fs:[00000030h]0_2_012B8243
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B8243 mov ecx, dword ptr fs:[00000030h]0_2_012B8243
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0130625D mov eax, dword ptr fs:[00000030h]0_2_0130625D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122A250 mov eax, dword ptr fs:[00000030h]0_2_0122A250
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236259 mov eax, dword ptr fs:[00000030h]0_2_01236259
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EA250 mov eax, dword ptr fs:[00000030h]0_2_012EA250
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EA250 mov eax, dword ptr fs:[00000030h]0_2_012EA250
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012402A0 mov eax, dword ptr fs:[00000030h]0_2_012402A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012402A0 mov eax, dword ptr fs:[00000030h]0_2_012402A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov eax, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov ecx, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov eax, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov eax, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov eax, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C62A0 mov eax, dword ptr fs:[00000030h]0_2_012C62A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E284 mov eax, dword ptr fs:[00000030h]0_2_0126E284
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E284 mov eax, dword ptr fs:[00000030h]0_2_0126E284
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B0283 mov eax, dword ptr fs:[00000030h]0_2_012B0283
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B0283 mov eax, dword ptr fs:[00000030h]0_2_012B0283
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B0283 mov eax, dword ptr fs:[00000030h]0_2_012B0283
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012402E1 mov eax, dword ptr fs:[00000030h]0_2_012402E1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012402E1 mov eax, dword ptr fs:[00000030h]0_2_012402E1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012402E1 mov eax, dword ptr fs:[00000030h]0_2_012402E1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A2C3 mov eax, dword ptr fs:[00000030h]0_2_0123A2C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A2C3 mov eax, dword ptr fs:[00000030h]0_2_0123A2C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A2C3 mov eax, dword ptr fs:[00000030h]0_2_0123A2C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A2C3 mov eax, dword ptr fs:[00000030h]0_2_0123A2C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A2C3 mov eax, dword ptr fs:[00000030h]0_2_0123A2C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013062D6 mov eax, dword ptr fs:[00000030h]0_2_013062D6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240535 mov eax, dword ptr fs:[00000030h]0_2_01240535
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E53E mov eax, dword ptr fs:[00000030h]0_2_0125E53E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E53E mov eax, dword ptr fs:[00000030h]0_2_0125E53E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E53E mov eax, dword ptr fs:[00000030h]0_2_0125E53E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E53E mov eax, dword ptr fs:[00000030h]0_2_0125E53E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E53E mov eax, dword ptr fs:[00000030h]0_2_0125E53E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6500 mov eax, dword ptr fs:[00000030h]0_2_012C6500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304500 mov eax, dword ptr fs:[00000030h]0_2_01304500
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126656A mov eax, dword ptr fs:[00000030h]0_2_0126656A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126656A mov eax, dword ptr fs:[00000030h]0_2_0126656A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126656A mov eax, dword ptr fs:[00000030h]0_2_0126656A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238550 mov eax, dword ptr fs:[00000030h]0_2_01238550
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238550 mov eax, dword ptr fs:[00000030h]0_2_01238550
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B05A7 mov eax, dword ptr fs:[00000030h]0_2_012B05A7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B05A7 mov eax, dword ptr fs:[00000030h]0_2_012B05A7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B05A7 mov eax, dword ptr fs:[00000030h]0_2_012B05A7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012545B1 mov eax, dword ptr fs:[00000030h]0_2_012545B1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012545B1 mov eax, dword ptr fs:[00000030h]0_2_012545B1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01232582 mov eax, dword ptr fs:[00000030h]0_2_01232582
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01232582 mov ecx, dword ptr fs:[00000030h]0_2_01232582
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01264588 mov eax, dword ptr fs:[00000030h]0_2_01264588
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E59C mov eax, dword ptr fs:[00000030h]0_2_0126E59C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E5E7 mov eax, dword ptr fs:[00000030h]0_2_0125E5E7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012325E0 mov eax, dword ptr fs:[00000030h]0_2_012325E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C5ED mov eax, dword ptr fs:[00000030h]0_2_0126C5ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C5ED mov eax, dword ptr fs:[00000030h]0_2_0126C5ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E5CF mov eax, dword ptr fs:[00000030h]0_2_0126E5CF
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E5CF mov eax, dword ptr fs:[00000030h]0_2_0126E5CF
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012365D0 mov eax, dword ptr fs:[00000030h]0_2_012365D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A5D0 mov eax, dword ptr fs:[00000030h]0_2_0126A5D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A5D0 mov eax, dword ptr fs:[00000030h]0_2_0126A5D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E420 mov eax, dword ptr fs:[00000030h]0_2_0122E420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E420 mov eax, dword ptr fs:[00000030h]0_2_0122E420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122E420 mov eax, dword ptr fs:[00000030h]0_2_0122E420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122C427 mov eax, dword ptr fs:[00000030h]0_2_0122C427
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B6420 mov eax, dword ptr fs:[00000030h]0_2_012B6420
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A430 mov eax, dword ptr fs:[00000030h]0_2_0126A430
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01268402 mov eax, dword ptr fs:[00000030h]0_2_01268402
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01268402 mov eax, dword ptr fs:[00000030h]0_2_01268402
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01268402 mov eax, dword ptr fs:[00000030h]0_2_01268402
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BC460 mov ecx, dword ptr fs:[00000030h]0_2_012BC460
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125A470 mov eax, dword ptr fs:[00000030h]0_2_0125A470
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125A470 mov eax, dword ptr fs:[00000030h]0_2_0125A470
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125A470 mov eax, dword ptr fs:[00000030h]0_2_0125A470
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126E443 mov eax, dword ptr fs:[00000030h]0_2_0126E443
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EA456 mov eax, dword ptr fs:[00000030h]0_2_012EA456
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122645D mov eax, dword ptr fs:[00000030h]0_2_0122645D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125245A mov eax, dword ptr fs:[00000030h]0_2_0125245A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012364AB mov eax, dword ptr fs:[00000030h]0_2_012364AB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012644B0 mov ecx, dword ptr fs:[00000030h]0_2_012644B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BA4B0 mov eax, dword ptr fs:[00000030h]0_2_012BA4B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012EA49A mov eax, dword ptr fs:[00000030h]0_2_012EA49A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012304E5 mov ecx, dword ptr fs:[00000030h]0_2_012304E5
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C720 mov eax, dword ptr fs:[00000030h]0_2_0126C720
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C720 mov eax, dword ptr fs:[00000030h]0_2_0126C720
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126273C mov eax, dword ptr fs:[00000030h]0_2_0126273C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126273C mov ecx, dword ptr fs:[00000030h]0_2_0126273C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126273C mov eax, dword ptr fs:[00000030h]0_2_0126273C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AC730 mov eax, dword ptr fs:[00000030h]0_2_012AC730
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C700 mov eax, dword ptr fs:[00000030h]0_2_0126C700
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230710 mov eax, dword ptr fs:[00000030h]0_2_01230710
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01260710 mov eax, dword ptr fs:[00000030h]0_2_01260710
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238770 mov eax, dword ptr fs:[00000030h]0_2_01238770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240770 mov eax, dword ptr fs:[00000030h]0_2_01240770
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126674D mov esi, dword ptr fs:[00000030h]0_2_0126674D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126674D mov eax, dword ptr fs:[00000030h]0_2_0126674D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126674D mov eax, dword ptr fs:[00000030h]0_2_0126674D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230750 mov eax, dword ptr fs:[00000030h]0_2_01230750
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BE75D mov eax, dword ptr fs:[00000030h]0_2_012BE75D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272750 mov eax, dword ptr fs:[00000030h]0_2_01272750
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272750 mov eax, dword ptr fs:[00000030h]0_2_01272750
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B4755 mov eax, dword ptr fs:[00000030h]0_2_012B4755
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012307AF mov eax, dword ptr fs:[00000030h]0_2_012307AF
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E47A0 mov eax, dword ptr fs:[00000030h]0_2_012E47A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D678E mov eax, dword ptr fs:[00000030h]0_2_012D678E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012527ED mov eax, dword ptr fs:[00000030h]0_2_012527ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012527ED mov eax, dword ptr fs:[00000030h]0_2_012527ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012527ED mov eax, dword ptr fs:[00000030h]0_2_012527ED
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BE7E1 mov eax, dword ptr fs:[00000030h]0_2_012BE7E1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012347FB mov eax, dword ptr fs:[00000030h]0_2_012347FB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012347FB mov eax, dword ptr fs:[00000030h]0_2_012347FB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123C7C0 mov eax, dword ptr fs:[00000030h]0_2_0123C7C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B07C3 mov eax, dword ptr fs:[00000030h]0_2_012B07C3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124E627 mov eax, dword ptr fs:[00000030h]0_2_0124E627
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01266620 mov eax, dword ptr fs:[00000030h]0_2_01266620
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01268620 mov eax, dword ptr fs:[00000030h]0_2_01268620
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123262C mov eax, dword ptr fs:[00000030h]0_2_0123262C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE609 mov eax, dword ptr fs:[00000030h]0_2_012AE609
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124260B mov eax, dword ptr fs:[00000030h]0_2_0124260B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01272619 mov eax, dword ptr fs:[00000030h]0_2_01272619
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F866E mov eax, dword ptr fs:[00000030h]0_2_012F866E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F866E mov eax, dword ptr fs:[00000030h]0_2_012F866E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A660 mov eax, dword ptr fs:[00000030h]0_2_0126A660
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A660 mov eax, dword ptr fs:[00000030h]0_2_0126A660
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01262674 mov eax, dword ptr fs:[00000030h]0_2_01262674
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0124C640 mov eax, dword ptr fs:[00000030h]0_2_0124C640
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C6A6 mov eax, dword ptr fs:[00000030h]0_2_0126C6A6
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012666B0 mov eax, dword ptr fs:[00000030h]0_2_012666B0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234690 mov eax, dword ptr fs:[00000030h]0_2_01234690
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234690 mov eax, dword ptr fs:[00000030h]0_2_01234690
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE6F2 mov eax, dword ptr fs:[00000030h]0_2_012AE6F2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE6F2 mov eax, dword ptr fs:[00000030h]0_2_012AE6F2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE6F2 mov eax, dword ptr fs:[00000030h]0_2_012AE6F2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE6F2 mov eax, dword ptr fs:[00000030h]0_2_012AE6F2
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B06F1 mov eax, dword ptr fs:[00000030h]0_2_012B06F1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B06F1 mov eax, dword ptr fs:[00000030h]0_2_012B06F1
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0126A6C7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A6C7 mov eax, dword ptr fs:[00000030h]0_2_0126A6C7
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B892A mov eax, dword ptr fs:[00000030h]0_2_012B892A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C892B mov eax, dword ptr fs:[00000030h]0_2_012C892B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE908 mov eax, dword ptr fs:[00000030h]0_2_012AE908
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AE908 mov eax, dword ptr fs:[00000030h]0_2_012AE908
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BC912 mov eax, dword ptr fs:[00000030h]0_2_012BC912
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228918 mov eax, dword ptr fs:[00000030h]0_2_01228918
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228918 mov eax, dword ptr fs:[00000030h]0_2_01228918
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01256962 mov eax, dword ptr fs:[00000030h]0_2_01256962
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01256962 mov eax, dword ptr fs:[00000030h]0_2_01256962
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01256962 mov eax, dword ptr fs:[00000030h]0_2_01256962
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127096E mov eax, dword ptr fs:[00000030h]0_2_0127096E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127096E mov edx, dword ptr fs:[00000030h]0_2_0127096E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0127096E mov eax, dword ptr fs:[00000030h]0_2_0127096E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D4978 mov eax, dword ptr fs:[00000030h]0_2_012D4978
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D4978 mov eax, dword ptr fs:[00000030h]0_2_012D4978
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BC97C mov eax, dword ptr fs:[00000030h]0_2_012BC97C
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B0946 mov eax, dword ptr fs:[00000030h]0_2_012B0946
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304940 mov eax, dword ptr fs:[00000030h]0_2_01304940
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012429A0 mov eax, dword ptr fs:[00000030h]0_2_012429A0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012309AD mov eax, dword ptr fs:[00000030h]0_2_012309AD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012309AD mov eax, dword ptr fs:[00000030h]0_2_012309AD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B89B3 mov esi, dword ptr fs:[00000030h]0_2_012B89B3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B89B3 mov eax, dword ptr fs:[00000030h]0_2_012B89B3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012B89B3 mov eax, dword ptr fs:[00000030h]0_2_012B89B3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BE9E0 mov eax, dword ptr fs:[00000030h]0_2_012BE9E0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012629F9 mov eax, dword ptr fs:[00000030h]0_2_012629F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012629F9 mov eax, dword ptr fs:[00000030h]0_2_012629F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C69C0 mov eax, dword ptr fs:[00000030h]0_2_012C69C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123A9D0 mov eax, dword ptr fs:[00000030h]0_2_0123A9D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012649D0 mov eax, dword ptr fs:[00000030h]0_2_012649D0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FA9D3 mov eax, dword ptr fs:[00000030h]0_2_012FA9D3
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov eax, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov eax, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov eax, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov ecx, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov eax, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01252835 mov eax, dword ptr fs:[00000030h]0_2_01252835
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126A830 mov eax, dword ptr fs:[00000030h]0_2_0126A830
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D483A mov eax, dword ptr fs:[00000030h]0_2_012D483A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D483A mov eax, dword ptr fs:[00000030h]0_2_012D483A
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BC810 mov eax, dword ptr fs:[00000030h]0_2_012BC810
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BE872 mov eax, dword ptr fs:[00000030h]0_2_012BE872
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BE872 mov eax, dword ptr fs:[00000030h]0_2_012BE872
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6870 mov eax, dword ptr fs:[00000030h]0_2_012C6870
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6870 mov eax, dword ptr fs:[00000030h]0_2_012C6870
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01242840 mov ecx, dword ptr fs:[00000030h]0_2_01242840
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01260854 mov eax, dword ptr fs:[00000030h]0_2_01260854
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234859 mov eax, dword ptr fs:[00000030h]0_2_01234859
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01234859 mov eax, dword ptr fs:[00000030h]0_2_01234859
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230887 mov eax, dword ptr fs:[00000030h]0_2_01230887
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BC89D mov eax, dword ptr fs:[00000030h]0_2_012BC89D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FA8E4 mov eax, dword ptr fs:[00000030h]0_2_012FA8E4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C8F9 mov eax, dword ptr fs:[00000030h]0_2_0126C8F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126C8F9 mov eax, dword ptr fs:[00000030h]0_2_0126C8F9
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125E8C0 mov eax, dword ptr fs:[00000030h]0_2_0125E8C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_013008C0 mov eax, dword ptr fs:[00000030h]0_2_013008C0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125EB20 mov eax, dword ptr fs:[00000030h]0_2_0125EB20
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125EB20 mov eax, dword ptr fs:[00000030h]0_2_0125EB20
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F8B28 mov eax, dword ptr fs:[00000030h]0_2_012F8B28
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012F8B28 mov eax, dword ptr fs:[00000030h]0_2_012F8B28
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01304B00 mov eax, dword ptr fs:[00000030h]0_2_01304B00
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012AEB1D mov eax, dword ptr fs:[00000030h]0_2_012AEB1D
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0122CB7E mov eax, dword ptr fs:[00000030h]0_2_0122CB7E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E4B4B mov eax, dword ptr fs:[00000030h]0_2_012E4B4B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E4B4B mov eax, dword ptr fs:[00000030h]0_2_012E4B4B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01302B57 mov eax, dword ptr fs:[00000030h]0_2_01302B57
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01302B57 mov eax, dword ptr fs:[00000030h]0_2_01302B57
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01302B57 mov eax, dword ptr fs:[00000030h]0_2_01302B57
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01302B57 mov eax, dword ptr fs:[00000030h]0_2_01302B57
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6B40 mov eax, dword ptr fs:[00000030h]0_2_012C6B40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012C6B40 mov eax, dword ptr fs:[00000030h]0_2_012C6B40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012FAB40 mov eax, dword ptr fs:[00000030h]0_2_012FAB40
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012D8B42 mov eax, dword ptr fs:[00000030h]0_2_012D8B42
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01228B50 mov eax, dword ptr fs:[00000030h]0_2_01228B50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DEB50 mov eax, dword ptr fs:[00000030h]0_2_012DEB50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240BBE mov eax, dword ptr fs:[00000030h]0_2_01240BBE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240BBE mov eax, dword ptr fs:[00000030h]0_2_01240BBE
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E4BB0 mov eax, dword ptr fs:[00000030h]0_2_012E4BB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012E4BB0 mov eax, dword ptr fs:[00000030h]0_2_012E4BB0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238BF0 mov eax, dword ptr fs:[00000030h]0_2_01238BF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238BF0 mov eax, dword ptr fs:[00000030h]0_2_01238BF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238BF0 mov eax, dword ptr fs:[00000030h]0_2_01238BF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125EBFC mov eax, dword ptr fs:[00000030h]0_2_0125EBFC
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BCBF0 mov eax, dword ptr fs:[00000030h]0_2_012BCBF0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01250BCB mov eax, dword ptr fs:[00000030h]0_2_01250BCB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01250BCB mov eax, dword ptr fs:[00000030h]0_2_01250BCB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01250BCB mov eax, dword ptr fs:[00000030h]0_2_01250BCB
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230BCD mov eax, dword ptr fs:[00000030h]0_2_01230BCD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230BCD mov eax, dword ptr fs:[00000030h]0_2_01230BCD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01230BCD mov eax, dword ptr fs:[00000030h]0_2_01230BCD
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DEBD0 mov eax, dword ptr fs:[00000030h]0_2_012DEBD0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126CA24 mov eax, dword ptr fs:[00000030h]0_2_0126CA24
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0125EA2E mov eax, dword ptr fs:[00000030h]0_2_0125EA2E
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01254A35 mov eax, dword ptr fs:[00000030h]0_2_01254A35
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01254A35 mov eax, dword ptr fs:[00000030h]0_2_01254A35
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126CA38 mov eax, dword ptr fs:[00000030h]0_2_0126CA38
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012BCA11 mov eax, dword ptr fs:[00000030h]0_2_012BCA11
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126CA6F mov eax, dword ptr fs:[00000030h]0_2_0126CA6F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126CA6F mov eax, dword ptr fs:[00000030h]0_2_0126CA6F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0126CA6F mov eax, dword ptr fs:[00000030h]0_2_0126CA6F
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012DEA60 mov eax, dword ptr fs:[00000030h]0_2_012DEA60
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012ACA72 mov eax, dword ptr fs:[00000030h]0_2_012ACA72
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_012ACA72 mov eax, dword ptr fs:[00000030h]0_2_012ACA72
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01236A50 mov eax, dword ptr fs:[00000030h]0_2_01236A50
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240A5B mov eax, dword ptr fs:[00000030h]0_2_01240A5B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01240A5B mov eax, dword ptr fs:[00000030h]0_2_01240A5B
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238AA0 mov eax, dword ptr fs:[00000030h]0_2_01238AA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01238AA0 mov eax, dword ptr fs:[00000030h]0_2_01238AA0
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_01286AA4 mov eax, dword ptr fs:[00000030h]0_2_01286AA4
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exeCode function: 0_2_0123EA80 mov eax, dword ptr fs:[00000030h]0_2_0123EA80
      Source: Amcache.hve.2.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.2.drBinary or memory string: msmpeng.exe
      Source: Amcache.hve.2.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.2.drBinary or memory string: MsMpEng.exe

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0.2.173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe.420000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		1
      Process Injection      		1
      Virtualization/Sandbox Evasion      		OS Credential Dumping31
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		2
      Software Packing      		LSASS Memory1
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      Process Injection      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information      		NTDS1
      System Information Discovery      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
      Obfuscated Files or Information      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe63%ReversingLabsWin32.Backdoor.FormBook
      173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe100%AviraTR/Crypt.ZPACK.Gen
      173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      bg.microsoft.map.fastly.net
      		199.232.210.172
      		truefalse
        		high

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://upx.sf.netAmcache.hve.2.drfalse
          		high

          World Map of Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1566420
          Start date and time:2024-12-02 07:42:17 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 5m 50s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Run name:Run with higher sleep bypass
          Number of analysed new started processes analysed:7
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
          Detection:MAL
          Classification:mal80.troj.winEXE@2/5@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 89%
          • Number of executed functions: 6
          • Number of non-executed functions: 333
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
          • Excluded IPs from analysis (whitelisted): 20.189.173.20
          • Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • VT rate limit hit for: 173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          bg.microsoft.map.fastly.netUolJwovI8c.exeGet hashmaliciousUnknownBrowse
          • 199.232.214.172
          file.exeGet hashmaliciousLummaC StealerBrowse
          • 199.232.210.172
          file.exeGet hashmaliciousCredential FlusherBrowse
          • 199.232.210.172
          9jCa1zq5XE.exeGet hashmaliciousAsyncRATBrowse
          • 199.232.214.172
          invoice-6483728493.pdf .jsGet hashmaliciousRHADAMANTHYSBrowse
          • 199.232.214.172
          invoice-6483728493.pdfGet hashmaliciousUnknownBrowse
          • 199.232.210.172
          file.exeGet hashmaliciousCredential FlusherBrowse
          • 199.232.210.172
          file.exeGet hashmaliciousRedLineBrowse
          • 199.232.214.172
          nhbjsekfkjtyhja.exeGet hashmaliciousRHADAMANTHYSBrowse
          • 199.232.214.172
          Setup.exeGet hashmaliciousLummaC StealerBrowse
          • 199.232.214.172

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_173312131497fead_ba69a7d52a93115f57a898d95d4ca7ea684882b7_6fe5e960_7c9ad5f7-fc3d-4a77-a2e1-790be261bdde\Report.wer

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.7189687450802432
          Encrypted:false
          SSDEEP:192:DQdoJcGRKh0BU/6+MjEzuiFKZ24IO8eZI1:UdorRZBU/AjEzuiFKY4IO831
          MD5:17B5420FC77917756AC07F8AEC486A2E
          SHA1:2DBF1C4887A9F0FE029A0DC90C0E7EADE8CEE804
          SHA-256:AFE0854F911EC0A3EBFCDD0804EE5F01E69CAFE3F857D5594383517FE4B2E398
          SHA-512:7700644BB8970B2A92E336076A70DAA195FE34EB76DCDF4E1477917A1E8BD88063D7BC1F12BF5B4FC527401EF8B196224BD6D4F54507495CACCDB07424027A69
          Malicious:false
          Reputation:low
          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.5.9.5.3.8.9.4.0.2.3.2.6.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.5.9.5.3.8.9.9.3.3.5.7.6.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.c.9.a.d.5.f.7.-.f.c.3.d.-.4.a.7.7.-.a.2.e.1.-.7.9.0.b.e.2.6.1.b.d.d.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.7.c.c.c.e.4.a.-.d.1.9.d.-.4.a.d.2.-.b.a.9.0.-.4.c.3.e.9.0.9.2.4.9.4.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.7.3.3.1.2.1.3.1.4.9.7.f.e.a.d.2.e.b.d.f.f.b.a.4.8.e.6.3.9.d.8.8.6.a.f.9.8.a.7.e.2.8.6.1.3.c.1.9.9.9.2.0.8.e.8.d.7.a.7.1.9.e.b.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.9.8.-.0.0.0.1.-.0.0.1.4.-.0.3.9.9.-.9.d.7.2.8.5.4.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.7.d.f.5.c.d.9.6.3.c.4.2.4.9.e.0.4.0.e.8.7.7.9.e.8.0.0.b.1.5.f.0.0.0.0.f.f.f.f.!.0.0.0.0.6.8.3.4.0.7.b.d.e.f.a.f.b.4.f.d.

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERABDD.tmp.dmp

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Mon Dec 2 06:43:09 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):25650
          Entropy (8bit):1.7485608285321261
          Encrypted:false
          SSDEEP:96:5I8nea5w6FzRTmzMkci7nYVj8gZughEK8ljAEtCQ6mPyESZWIEWIKc7RIxid0rsT:RnZ5hiztcOc8gZpEK8O5mqEoc2iuE
          MD5:59A805393527037F84D7A62D2C099886
          SHA1:D96552E99F95F4A75B604F19A970980B0D83C417
          SHA-256:35FC62F658F3B826ABEFFAC79DAFE4267EE1B60390EF57ABD73526C06382BEB3
          SHA-512:E14C111101DFF30283FEDA17D401E1247C5499DC45ABBAF5FBCB7AC2A7C2AB4CDA85D19219D2466332371A08C12D9A3C672C1F2D252EF081AEDC3EF5AAFBB96C
          Malicious:false
          Reputation:low
          Preview:MDMP..a..... ........VMg............4...............<.......d...<...........T.......8...........T...........p....Z......................................................................................................eJ......L.......GenuineIntel............T............VMg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERAC1D.tmp.WERInternalMetadata.xml

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):8660
          Entropy (8bit):3.703627645175796
          Encrypted:false
          SSDEEP:192:R6l7wVeJRrF6Uv6Y9jSU9q2gmfMhgpra89b3VsfbW9m:R6lXJv6c6Y5SU9q2gmf223ufbd
          MD5:7AE068A16C5008B307D7FEE402759527
          SHA1:54AE70EAFE2AAEA8DB1954E809EADAB896FCCDA0
          SHA-256:2F436287441D3D221EBFE1288BBD938193153F89BE688A6EBFC1E91D212B3429
          SHA-512:98A4D13E7D458B008BA14FBE6019E219F6497BBE4D8378AED48FE416917C80CF54837DC93A4A1E5BA6CB9A23146DD400A7FD0B3912019383D796245006DD00E8
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.2.0.<./.P.i.

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERAC7C.tmp.xml

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4987
          Entropy (8bit):4.58386495517185
          Encrypted:false
          SSDEEP:48:cvIwWl8zsZWNJg77aI9dKWpW8VYEYm8M4JVZgF7I+q8i8tVrErd:uIjfsI7Hr7VkJV3EtFErd
          MD5:772CC67459E6F66AE02BA28D38B158FD
          SHA1:5D80937C2DBCA6BE5D85543BF5AC22F1C96E14FD
          SHA-256:A6F1B60208ACC6D26D7E65D4C166AA130C5FD52A4AFFEEA5E0E7374C4E60F32A
          SHA-512:DEF0BA4246A7B5DDCFD1A9E407C1FEE4C61669BBB490B32A02C152528D462DAB2B9C879A67259665AFFC3B80D4E7AFD02A656FE56ADCA0A0C66716ED25048664
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="613305" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

          C:\Windows\appcompat\Programs\Amcache.hve

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.465960856916521
          Encrypted:false
          SSDEEP:6144:4IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSbp:tXD94+WlLZMM6YFHv+p
          MD5:0528C571B802CDB5DD80AAFD5C947620
          SHA1:915DA467893D46CD4DD7A20A8266C3B73840F51F
          SHA-256:A93D99533060D7628A5BE5AE4B473DE29A33F03E57E26A0A03FB2F94B79D55CA
          SHA-512:B847162324C6CF09FE21641F6B80F157160DC51FC741DFD43F36DAF1D2EF3D98B1E1846DB2E38087FDBD70CFEC178943FB6B96C2BAC565A342F61C62E77114E5
          Malicious:false
          Reputation:low
          Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..Os.D...............................................................................................................................................................................................................................................................................................................................................xXG........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.964604796482419
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.98%
          • DOS Executable Generic (2002/1) 0.02%
          File name:173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
          File size:287'744 bytes
          MD5:031d9c09391de9e9530f989651b1a078
          SHA1:683407bdefafb4fdaffe8e8d176806467e3c094f
          SHA256:d3dd75c3a7d6e7107f34aee8090dfe4270b556b03331308c3aab5307a99c7c30
          SHA512:2950fcbed9059cff74204ff401babcb15cdae1d7a1fcf9fefe2295f959a62bdfa25b97fb5d68ffdbf39967a79994559ed0701986e38d12471e270833402d75ea
          SSDEEP:6144:ZzQUutyfjCvQ03idv0yV8ZU0PRQstn51KIM5TdVY+QMUTs5:9RfjCvF3yUX7ITzY+tUg
          TLSH:9654233D579E0A63C10B1F73950BA853682C5D2F2EC8C0B1AD7C7625E52669AA3307BC
          File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......Y.................R..........`........p....@................

          File Icon

          Icon Hash:90cececece8e8eb0

          Static PE Info

          General

          Entrypoint:0x401460
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x59168E97 [Sat May 13 04:41:59 2017 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:0
          File Version Major:6
          File Version Minor:0
          Subsystem Version Major:6
          Subsystem Version Minor:0
          Import Hash:

          Entrypoint Preview

          Instruction
          push ebp
          mov ebp, esp
          sub esp, 00000428h
          push ebx
          push esi
          push edi
          push 00000408h
          lea eax, dword ptr [ebp-00000424h]
          push 00000000h
          push eax
          mov dword ptr [ebp-00000428h], 00000000h
          call 00007FC0CD086F8Ch
          add esp, 0Ch
          xor edi, edi
          xor ebx, ebx
          mov eax, 000000D2h
          mov dword ptr [ebp-14h], 00001672h
          mov dword ptr [ebp-0Ch], ebx
          mov dword ptr [ebp-1Ch], 00004BDFh
          mov dword ptr [ebp-04h], ebx
          mov dword ptr [ebp-08h], 00000045h
          mov dword ptr [ebp-10h], ebx
          mov dword ptr [ebp-18h], 00003218h
          mov ecx, 00002DA5h
          mov edx, 0000002Eh
          cmp eax, 2Eh
          cmovl eax, edx
          dec ecx
          jne 00007FC0CD085419h
          call 00007FC0CD087223h
          mov dword ptr [ebp-000003E0h], eax
          lea eax, dword ptr [ebp-00000228h]
          push eax
          push 000021D1h
          call 00007FC0CD08512Ch
          add esp, 08h
          lea esp, dword ptr [esp+00h]
          inc edi
          mov eax, edi
          and eax, 80000001h
          jns 00007FC0CD085427h
          dec eax
          or eax, FFFFFFFEh
          inc eax
          jne 00007FC0CD085423h
          inc edi
          cmp edi, 0000488Eh
          jl 00007FC0CD085408h
          lea eax, dword ptr [ebp-0000028Ch]
          push eax
          push 00002488h
          call 00007FC0CD0850FAh
          lea eax, dword ptr [ebp-0000028Ch]
          push 114FAA40h
          push eax

          Rich Headers

          Programming Language:
          • [C++] VS2012 build 50727
          • [ASM] VS2012 build 50727
          • [LNK] VS2012 build 50727

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x450d40x45200727d399253185ff3ece836ba5ede2b9bFalse0.9890017518083183data7.995097609998807IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

          Network Behavior

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Dec 2, 2024 07:43:03.744901896 CET1.1.1.1192.168.2.40xb6cdNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
          Dec 2, 2024 07:43:03.744901896 CET1.1.1.1192.168.2.40xb6cdNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:01:43:08
          Start date:02/12/2024
          Path:C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c2278190.dat-decoded.exe"
          Imagebase:0x420000
          File size:287'744 bytes
          MD5 hash:031D9C09391DE9E9530F989651B1A078
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          General

          Target ID:2
          Start time:01:43:09
          Start date:02/12/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 228
          Imagebase:0xdb0000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:6.2%
            Signature Coverage:6.2%
            Total number of Nodes:65
            Total number of Limit Nodes:7
            execution_graph 93635 444be3 93640 444bfc 93635->93640 93636 444c88 93637 444c47 93643 44e593 93637->93643 93640->93636 93640->93637 93641 444c83 93640->93641 93642 44e593 RtlFreeHeap 93641->93642 93642->93636 93646 44c813 93643->93646 93645 444c53 93647 44c830 93646->93647 93648 44c841 RtlFreeHeap 93647->93648 93648->93645 93649 44ba83 93650 44baa0 93649->93650 93653 1272df0 LdrInitializeThunk 93650->93653 93651 44bac8 93653->93651 93690 444853 93691 44486f 93690->93691 93692 444897 93691->93692 93693 4448ab 93691->93693 93694 44c4a3 NtClose 93692->93694 93700 44c4a3 93693->93700 93696 4448a0 93694->93696 93697 4448b4 93703 44e6b3 RtlAllocateHeap 93697->93703 93699 4448bf 93701 44c4c0 93700->93701 93702 44c4d1 NtClose 93701->93702 93702->93697 93703->93699 93704 44f753 93705 44f763 93704->93705 93706 44f769 93704->93706 93709 44e673 93706->93709 93708 44f78f 93712 44c7c3 93709->93712 93711 44e68e 93711->93708 93713 44c7e0 93712->93713 93714 44c7f1 RtlAllocateHeap 93713->93714 93714->93711 93715 44f7b3 93716 44e593 RtlFreeHeap 93715->93716 93717 44f7c8 93716->93717 93654 421a0b 93656 4219eb 93654->93656 93655 421a00 93656->93655 93659 44fc23 93656->93659 93662 44e143 93659->93662 93661 421aa8 93663 44e169 93662->93663 93668 427413 93663->93668 93665 44e17f 93667 44e19e 93665->93667 93671 43af53 NtClose 93665->93671 93667->93661 93669 427420 93668->93669 93672 436293 93668->93672 93669->93665 93671->93667 93673 4362b0 93672->93673 93675 4362c9 93673->93675 93676 44cf13 93673->93676 93675->93669 93678 44cf2d 93676->93678 93677 44cf5c 93677->93675 93678->93677 93683 44bad3 93678->93683 93681 44e593 RtlFreeHeap 93682 44cfd5 93681->93682 93682->93675 93684 44baed 93683->93684 93687 1272c0a 93684->93687 93685 44bb19 93685->93681 93688 1272c11 93687->93688 93689 1272c1f LdrInitializeThunk 93687->93689 93688->93685 93689->93685

            Executed Functions

            Function 0044C4A3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 19 44c4a3-44c4df call 424773 call 44d703 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0044C4DA
            Memory Dump Source
            • Source File: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
            • Associated: 00000000.00000002.2041179892.0000000000420000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_420000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: 0281abc325b70bf167454d393558beda0c7014649f4c41559f3eeee4f3c43d81
            • Instruction ID: 648120188f2984b02fbb9a97f0c3f7ad549718359d9eadae52b5fe6181412bf0
            • Opcode Fuzzy Hash: 0281abc325b70bf167454d393558beda0c7014649f4c41559f3eeee4f3c43d81
            • Instruction Fuzzy Hash: B8E046362002187BD620AA6AEC41F9B776CDFC6724F44441AFA18A7241CBB0BA0186B5
            Function 01272DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 28 1272df0-1272dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: c93e9fcc2d0e25150b56611d6c3885e682d839fd56303cbf06a9a4ad94103cea
            • Instruction ID: c3fe6a5dde8f33b39987215d1251d0767d380ef1c0133389bb26b3812bc4c46f
            • Opcode Fuzzy Hash: c93e9fcc2d0e25150b56611d6c3885e682d839fd56303cbf06a9a4ad94103cea
            • Instruction Fuzzy Hash: 8090023121240413E11171584544707500A97D0341FD5C412A142455CDD6568A52A221
            Function 00421978 Relevance: .1, Instructions: 114COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 112 421978-421982 113 421984-42198c 112->113 114 42198e-421994 112->114 113->114 116 421995-42199d 114->116 117 4219fe 114->117 124 4219aa-4219ad 116->124 125 42199f-4219a4 116->125 118 421a00-421a01 117->118 119 421a67-421a73 117->119 120 421a60-421a65 119->120 121 421a75-421a9e call 421be0 call 421000 119->121 120->119 135 421aa3-421aa6 call 44fc23 121->135 129 421933-421954 124->129 130 4219ae-4219bf 124->130 127 4219a6-4219a7 125->127 128 421a0e-421a2c 125->128 127->124 131 4219eb-4219f8 128->131 132 421a2e-421a5b call 421120 128->132 130->131 131->117 132->120 137 421aa8-421ab0 135->137
            Memory Dump Source
            • Source File: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
            • Associated: 00000000.00000002.2041179892.0000000000420000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_420000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cdd526b5dd3f681b7d7ec9be85c010409b52b9b301012efbfe12f662172076ae
            • Instruction ID: 4bf967fb2f908fca385370b87c3971226400fcb32a5e2c75febfa501af1664d9
            • Opcode Fuzzy Hash: cdd526b5dd3f681b7d7ec9be85c010409b52b9b301012efbfe12f662172076ae
            • Instruction Fuzzy Hash: 2831BFB1B053655FDB159F74D8026EBBF74AF55304B9802DBE8448F963E1245C90C7C5
            Function 0044C813 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 0 44c813-44c857 call 424773 call 44d703 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0044C852
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
            • Associated: 00000000.00000002.2041179892.0000000000420000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_420000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID: 'cC
            • API String ID: 3298025750-1665573177
            • Opcode ID: bec87bca31af92aec9494093564906b61a46ba24f88768d571c812d6104144da
            • Instruction ID: f63a851ae49740e3eda796b02da0875c6ada4ec38c014e5bfe188cf9ec0f72ae
            • Opcode Fuzzy Hash: bec87bca31af92aec9494093564906b61a46ba24f88768d571c812d6104144da
            • Instruction Fuzzy Hash: FDE06D712042087BDA10EE59DC41F9B33ACEFC9710F404409F908A7241C770B91186B9
            Function 0044C7C3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 14 44c7c3-44c807 call 424773 call 44d703 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0043E40E,?,?,00000000,?,0043E40E,?,?,?), ref: 0044C802
            Memory Dump Source
            • Source File: 00000000.00000002.2041198261.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
            • Associated: 00000000.00000002.2041179892.0000000000420000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_420000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: 57b2a52395c9222767e05ed8cc01738bdf3033cd1b87f39c2aaa5050d618ec99
            • Instruction ID: 9fb10ff5d36ee7da777aecfca8fea64c10744dcea7a7d0bd84c6ff1583a70f1f
            • Opcode Fuzzy Hash: 57b2a52395c9222767e05ed8cc01738bdf3033cd1b87f39c2aaa5050d618ec99
            • Instruction Fuzzy Hash: 1EE09275354208BBD610EE59DC41FAB37ACEFC5714F00001AF908A7241D770B91087B9
            Function 01272C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 24 1272c0a-1272c0f 25 1272c11-1272c18 24->25 26 1272c1f-1272c26 LdrInitializeThunk 24->26
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 2bcc3d304edff51d60c67e0e285f9464aab8a8b5c6fc4f6c67d5558d10099f86
            • Instruction ID: b0f46de9d2c7e0de0c22d164b3c1b8301a577f23855f2a712fe77a874a679b9a
            • Opcode Fuzzy Hash: 2bcc3d304edff51d60c67e0e285f9464aab8a8b5c6fc4f6c67d5558d10099f86
            • Instruction Fuzzy Hash: D4B09B719125D5C5EA11F7644608717790577E0701F56C065D3030645F4738C1D1E375

            Non-executed Functions

            Function 012B2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: bb686e78dbd8974c2e909ed4a42a84c13fafc2d4988b6b4f2703cdd72f818971
            • Instruction ID: 5c242e666ce6f64e34655dbb380ae8348410a95b2683f5d9da51610d5a7e6b90
            • Opcode Fuzzy Hash: bb686e78dbd8974c2e909ed4a42a84c13fafc2d4988b6b4f2703cdd72f818971
            • Instruction Fuzzy Hash: 79928D71624742EFE725DE28C881BABBBE8BB84790F04491DFB94D7250D770E844CB92
            Function 012268B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-3089669407
            • Opcode ID: 79ba59945342c9d7ba41379fdc650e2b8f9efb0887e87ad3ce43970f88223fcc
            • Instruction ID: 21dd7b5faf36c2eabaf68f92227d8008c98ead985d658fb477e2a27578be4ff0
            • Opcode Fuzzy Hash: 79ba59945342c9d7ba41379fdc650e2b8f9efb0887e87ad3ce43970f88223fcc
            • Instruction Fuzzy Hash: 328101B3D222197FCB22FA94DDC0EEE77BDAB18714B544525FA00F7114E620EE058BA0
            Function 012D5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
            Download Yara Rule
            Strings
            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 012D5A84
            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 012D5FE1
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012D635D
            • @, xrefs: 012D61B0
            • @, xrefs: 012D63A0
            • @, xrefs: 012D6027
            • Control Panel\Desktop, xrefs: 012D615E
            • InstallLanguageFallback, xrefs: 012D6050
            • LanguageConfigurationPending, xrefs: 012D6221
            • LanguageConfiguration, xrefs: 012D6420
            • PreferredUILanguagesPending, xrefs: 012D61D2
            • @, xrefs: 012D6277
            • @, xrefs: 012D647A
            • PreferredUILanguages, xrefs: 012D63D1
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
            • API String ID: 0-1325123933
            • Opcode ID: 3f3180232e763a83ec79afe9389163953beddea643150bccc2f015310408d86a
            • Instruction ID: b478dcdeaa00053ae29f983f90838288a9a9924eed5cdc3022eab5e999bbbc14
            • Opcode Fuzzy Hash: 3f3180232e763a83ec79afe9389163953beddea643150bccc2f015310408d86a
            • Instruction Fuzzy Hash: AA7246715283429FD725DF28C880BABBBE9BF88700F44492DFA85D7250EB74D9458B92
            Function 01268620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
            Download Yara Rule
            Strings
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012A54E2
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012A54CE
            • Thread identifier, xrefs: 012A553A
            • Invalid debug info address of this critical section, xrefs: 012A54B6
            • double initialized or corrupted critical section, xrefs: 012A5508
            • Thread is in a state in which it cannot own a critical section, xrefs: 012A5543
            • Address of the debug info found in the active list., xrefs: 012A54AE, 012A54FA
            • Critical section debug info address, xrefs: 012A541F, 012A552E
            • 8, xrefs: 012A52E3
            • Critical section address., xrefs: 012A5502
            • corrupted critical section, xrefs: 012A54C2
            • Critical section address, xrefs: 012A5425, 012A54BC, 012A5534
            • undeleted critical section in freed memory, xrefs: 012A542B
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012A540A, 012A5496, 012A5519
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 4bd244a56b9ace447e3887fd218bc94e3c7f6504e78a88ca74caee8fed402ff9
            • Instruction ID: 8e74bf4f0934b0a14cffc7131ada19e57c465e12508c8bdff4c45cb26c528e82
            • Opcode Fuzzy Hash: 4bd244a56b9ace447e3887fd218bc94e3c7f6504e78a88ca74caee8fed402ff9
            • Instruction Fuzzy Hash: 7381AFB1A60359EFDB20CF99C885BAEBBF9FB58714F544119F604B7280D3B5A940CB60
            Function 012629F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
            Download Yara Rule
            Strings
            • @, xrefs: 012A259B
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012A22E4
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 012A2409
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 012A2506
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 012A2412
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 012A261F
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012A24C0
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012A25EB
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 012A2624
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 012A2498
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 012A2602
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: d5a81204e459e67104ba70be48b53ef8de952688bbc0a6eadda0444198c6ae92
            • Instruction ID: d35b5f72dee2aee6250340a76e35a281f57830a9a009e77da290b46181a7d0df
            • Opcode Fuzzy Hash: d5a81204e459e67104ba70be48b53ef8de952688bbc0a6eadda0444198c6ae92
            • Instruction Fuzzy Hash: 530271B1D20229DFDB21DB54CD81BEAB7B8AB54304F4141EAEB09A7281D7709EC4CF59
            Function 01260F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
            • API String ID: 0-360209818
            • Opcode ID: 0055e1e548ba3bc6ba441b35b94ab1edfb59c20d7cf321609db88898c45e6ed0
            • Instruction ID: 65953d835216d84e8ef299ea2e161a776aa82e61be62e8b413a979c08f7d33a1
            • Opcode Fuzzy Hash: 0055e1e548ba3bc6ba441b35b94ab1edfb59c20d7cf321609db88898c45e6ed0
            • Instruction Fuzzy Hash: AE6262B5E202258FEB24CF18C8417A9B7B6EFD5320F5481DAD649AB280D7725AE1CF50
            Function 012D8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            • Opcode ID: 1ca967bdb2520069d9045ad0720e6b7b9da469615d83e898441276cc6a8abd1c
            • Instruction ID: 17f6c2fc848001b6feba44feb3e359f69f37a8a66e86654ed17e6c572f646e20
            • Opcode Fuzzy Hash: 1ca967bdb2520069d9045ad0720e6b7b9da469615d83e898441276cc6a8abd1c
            • Instruction Fuzzy Hash: 3551A1715243469BD32ADF28C844BBBBBECEF98350F144A1DEA95C3291E770D604C792
            Function 012E12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
            • API String ID: 0-3591852110
            • Opcode ID: f7060b44c678993c740a21455b0ad6e03c6012600233c83ad54ab1401fc6df50
            • Instruction ID: 3822dba8214267b69a3926d6993b7ce567636adfe625d1517a2cb1dc024dd1d4
            • Opcode Fuzzy Hash: f7060b44c678993c740a21455b0ad6e03c6012600233c83ad54ab1401fc6df50
            • Instruction Fuzzy Hash: B612E370620642EFD725DF29C449BBABBF1FF09714F88846DE5868B682D774E890CB50
            Function 0124AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
            • API String ID: 0-3197712848
            • Opcode ID: 5c0269c12a4dad56392338235cf5033f7f50b04a19b8623547bec736ab04d873
            • Instruction ID: f5ba6f588b0a11fe2fa6fc8f8c02d003f581d0a62819ed51c03cdb3bfad28020
            • Opcode Fuzzy Hash: 5c0269c12a4dad56392338235cf5033f7f50b04a19b8623547bec736ab04d873
            • Instruction Fuzzy Hash: 33121271A283468BD739DF28C441BBAB7E4FF95704F09092DFA868B281E774D944CB52
            Function 0122D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
            • API String ID: 0-3532704233
            • Opcode ID: 73a05fe7799c317d433a3b5a4676ed220315cd4097e1c2a51a27508d81878efa
            • Instruction ID: c02358438f25c09f3afa703485c31446364554cf3925c5f755b09660bc05d9d5
            • Opcode Fuzzy Hash: 73a05fe7799c317d433a3b5a4676ed220315cd4097e1c2a51a27508d81878efa
            • Instruction Fuzzy Hash: CEB1AD71529366AFC721DF68D480B6FBBE8AB84714F01492EFA89D7240D770D944CB92
            Function 012E0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
            • API String ID: 0-1357697941
            • Opcode ID: 5f35806eab56ad1fa3d968779b1da78c4c31245e0d6a3b3c888574822afba30b
            • Instruction ID: 80b662a6d1b60c61913f6134597e35160c1ca2675665de6863020de05d7151e5
            • Opcode Fuzzy Hash: 5f35806eab56ad1fa3d968779b1da78c4c31245e0d6a3b3c888574822afba30b
            • Instruction Fuzzy Hash: F9F10531720256EFDB25CF68C049BBABBF5FF09300F484469E6859B642C7B4A946CF50
            Function 012E0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            • Opcode ID: a2d13ed5727593d6df2699630c9f3a6a9f2ecd0663ae6e85d9a1272172bd78d9
            • Instruction ID: 059cbd58e5def696ab05e924e27dae38734d78905fb17e174315a06be9ed2c1b
            • Opcode Fuzzy Hash: a2d13ed5727593d6df2699630c9f3a6a9f2ecd0663ae6e85d9a1272172bd78d9
            • Instruction Fuzzy Hash: 32D10031620282EFDB22EF68C449AAEBBF1FF49700F488049F5559B652C7B4D942CF18
            Function 012B89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
            Download Yara Rule
            Strings
            • VerifierFlags, xrefs: 012B8C50
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 012B8A67
            • VerifierDebug, xrefs: 012B8CA5
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 012B8A3D
            • HandleTraces, xrefs: 012B8C8F
            • AVRF: -*- final list of providers -*- , xrefs: 012B8B8F
            • VerifierDlls, xrefs: 012B8CBD
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            • Opcode ID: d5f698023a964017e8893b833badb0b4b95020928b6232a5204dd2b7eedbf137
            • Instruction ID: 5b3c1c41e945ff9191a4cd7b55f66ba457ec0f0f29935cb0496118df6c1dc36e
            • Opcode Fuzzy Hash: d5f698023a964017e8893b833badb0b4b95020928b6232a5204dd2b7eedbf137
            • Instruction Fuzzy Hash: 739146B2661352AFD732EF2888C1BEA77ECAB54B94F04045DFB48AB281D7709D00C795
            Function 0123EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            • Opcode ID: e3266b7b26699d50b4e21e1509e8bb46af3608b742dc2f067d7c7946c0cb6996
            • Instruction ID: f958499edefbd99d202ec3459770e3f5d6facfe7c4b190fe3d4b897de06ac5cc
            • Opcode Fuzzy Hash: e3266b7b26699d50b4e21e1509e8bb46af3608b742dc2f067d7c7946c0cb6996
            • Instruction Fuzzy Hash: A8A24BB0E2566A8FDF64DF18CD887ADBBB5AF85304F1442E9D909A7250DB709E85CF00
            Function 0122F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-523794902
            • Opcode ID: 3557200c4d1c18f151673d2b17dc21771f958f792402bab82a8b2c94c0f937ff
            • Instruction ID: 91f20c9388f6809090b319570ef06ab41b5e2deaf44ef441e3456de817d5febc
            • Opcode Fuzzy Hash: 3557200c4d1c18f151673d2b17dc21771f958f792402bab82a8b2c94c0f937ff
            • Instruction Fuzzy Hash: 80421071229392EFD715EF28C580A6EBBE5FF85304F044A6DEA858B392D770D841CB52
            Function 0123ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
            • API String ID: 0-4098886588
            • Opcode ID: 1a1e604c2c46025fd4bc22dc975c60b82a28272d5c58db209c9c8a100048ba63
            • Instruction ID: 19d69771377ed6fc1156b93be9e64079225b474e8b4298198b1430e5af53223b
            • Opcode Fuzzy Hash: 1a1e604c2c46025fd4bc22dc975c60b82a28272d5c58db209c9c8a100048ba63
            • Instruction Fuzzy Hash: 7732B3B1E2026A8BDF22CF18CC94BEEBBB5BF85340F1441E9D949A7251D7719E818F44
            Function 0124B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
            • API String ID: 0-122214566
            • Opcode ID: c066cf0e8330cd69e5ee9881953048e1971f69fcd3d600f8c5a51ccbf3a64724
            • Instruction ID: 1b0820f719d83775e7a8491dcf38fdb92b5e59211c88df1bb0a0108d59e552ed
            • Opcode Fuzzy Hash: c066cf0e8330cd69e5ee9881953048e1971f69fcd3d600f8c5a51ccbf3a64724
            • Instruction Fuzzy Hash: 2DC14A31A302169BDF2D9F6DC891BBEBFA5EF46310F184169EE029B281D7B4C944C391
            Function 012663FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            • Opcode ID: 88fd3c45644fa3659b305b2effc5cb8bacde1d6f861c919d3525bf89171098dc
            • Instruction ID: 1de9c49e5dc44e1fffbc86e1a99505c916f0fe00817a7c8398616fb5ce5d82f2
            • Opcode Fuzzy Hash: 88fd3c45644fa3659b305b2effc5cb8bacde1d6f861c919d3525bf89171098dc
            • Instruction Fuzzy Hash: D9911470A30356DBEB35EF58E845BBA7BA9FF50B14F58012DEA006B2C5D7B49841C790
            Function 0122645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
            Download Yara Rule
            Strings
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01289A2A
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012899ED
            • LdrpInitShimEngine, xrefs: 012899F4, 01289A07, 01289A30
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01289A01
            • apphelp.dll, xrefs: 01226496
            • minkernel\ntdll\ldrinit.c, xrefs: 01289A11, 01289A3A
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            • Opcode ID: 224adbdf579cfde05e43649ddff6df365811ea60b78a81d7c6ef11faaacee379
            • Instruction ID: d0078f610f77b47ed5486955d92e2ddcbb9007ec3e54d581d29a9bdb85aa439d
            • Opcode Fuzzy Hash: 224adbdf579cfde05e43649ddff6df365811ea60b78a81d7c6ef11faaacee379
            • Instruction Fuzzy Hash: 6D51D272269305AFDB30EF24D881BABB7E8FB84748F10091DFA8597190D670E944CB92
            Function 01262674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012A21BF
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 012A2178
            • RtlGetAssemblyStorageRoot, xrefs: 012A2160, 012A219A, 012A21BA
            • SXS: %s() passed the empty activation context, xrefs: 012A2165
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 012A219F
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 012A2180
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: 4f629ff3e87a36eff24f95d158d81a9e99a86d35db2cc74b590e06fe7b7e3008
            • Instruction ID: 6302e2e06328af908d4fbb6dd1b4e65d83515188ed0a7cfff7df3a804fda30d2
            • Opcode Fuzzy Hash: 4f629ff3e87a36eff24f95d158d81a9e99a86d35db2cc74b590e06fe7b7e3008
            • Instruction Fuzzy Hash: 1A310736BB0216F7E726CA998C81F6A7AACDBA4B90F054059FB0467185D270AA40C7A1
            Function 0126C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • Loading import redirection DLL: '%wZ', xrefs: 012A8170
            • LdrpInitializeImportRedirection, xrefs: 012A8177, 012A81EB
            • LdrpInitializeProcess, xrefs: 0126C6C4
            • minkernel\ntdll\ldrredirect.c, xrefs: 012A8181, 012A81F5
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 012A81E5
            • minkernel\ntdll\ldrinit.c, xrefs: 0126C6C3
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            • Opcode ID: e1f05669cdedf341beeddf8ce95f6c52be0d6c4aa2121a9f28a9c709d8b3e650
            • Instruction ID: 322855090c1f17585ebeb15f3d3aa28b87c6b313afbda987eea1cec126acb37c
            • Opcode Fuzzy Hash: e1f05669cdedf341beeddf8ce95f6c52be0d6c4aa2121a9f28a9c709d8b3e650
            • Instruction Fuzzy Hash: 1031E271664342AFD320FF29D986E2A77E9AF94B20F04055CF9856B2D1E620ED04C7A2
            Function 01249950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
            • API String ID: 0-3393094623
            • Opcode ID: 21215def3109054388e443993b4ace476e9bd4080ae83b290f02c7c4e050e605
            • Instruction ID: 7f3bb7374d5b9552d929c5bdbdb4fe07a88abff62648bfd9fa7a3db8eb09d5ca
            • Opcode Fuzzy Hash: 21215def3109054388e443993b4ace476e9bd4080ae83b290f02c7c4e050e605
            • Instruction Fuzzy Hash: F9027E71528342CFDB29CF68C08576BBBE5BF8D718F44491EEA8987251E770D884CB92
            Function 0127096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 01272DF0: LdrInitializeThunk.NTDLL ref: 01272DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01270BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01270BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01270D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01270D74
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            • Opcode ID: 3ed99279aa06ec927e3602a15799a095260bde4562866f655531121a2804a73b
            • Instruction ID: 12051ba8a70d5dd3c23734b73c208dddb8f36c18070ea88c1e23db1c13c8940a
            • Opcode Fuzzy Hash: 3ed99279aa06ec927e3602a15799a095260bde4562866f655531121a2804a73b
            • Instruction Fuzzy Hash: 62426D71910716DFDB21CF28C881BAAB7F5FF05314F1445AAEA89DB241E770AA84CF60
            Function 012B4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
            • API String ID: 0-2518169356
            • Opcode ID: 80dbb1e342aff6e2ae2aabbcdf506a15a69d446ef54de2c99fadb9a61c4a9dd7
            • Instruction ID: 333ef7769d19f4cc3e77dfdd78a75044442c6e8a5dc8de6435bee5adeab4d546
            • Opcode Fuzzy Hash: 80dbb1e342aff6e2ae2aabbcdf506a15a69d446ef54de2c99fadb9a61c4a9dd7
            • Instruction Fuzzy Hash: 8891CF7292061ADBCB21CF6CC8C1AEEB7B0EF48350F194169E911EB351D375D901CB91
            Function 012470C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            • Opcode ID: 3b8470f755ec759b1ee77cfb4a55f9efbb0a6e96608746bfb6c2a89881e3d690
            • Instruction ID: 038fbb04ff60b800416bb31e85b1036fba89acc60a8a598c2765e698987ea942
            • Opcode Fuzzy Hash: 3b8470f755ec759b1ee77cfb4a55f9efbb0a6e96608746bfb6c2a89881e3d690
            • Instruction Fuzzy Hash: 6313C170A20656CFEB29CF68C4807A9FBF1FF49304F1481A9DA59AB381D774A945CF90
            Function 0124A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
            Download Yara Rule
            Strings
            • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01297D56
            • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01297D39
            • SsHd, xrefs: 0124A885
            • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01297D03
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
            • API String ID: 0-2905229100
            • Opcode ID: 966e8f7f2f3ff7e2fd526b780cce1968eb844ce9189d5e60222f2daa0ad212fe
            • Instruction ID: e04632c3221c7821ea00effcc599f59ce986bb94c34312b795372d99f359690a
            • Opcode Fuzzy Hash: 966e8f7f2f3ff7e2fd526b780cce1968eb844ce9189d5e60222f2daa0ad212fe
            • Instruction Fuzzy Hash: EAD1A239A60216DBDF29CF9CC8C16ADBBB5FF58310F194059EA46AB345D3719841CBA0
            Function 0123A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            • Opcode ID: 37359d00bad6e2d784e977418438cb2e0a59e88c1c03a49d12321db2810e3284
            • Instruction ID: 466fbf41054c77aa4d6a0bd6fccda889ac3296121a88372cf9bfe6fac62f99b8
            • Opcode Fuzzy Hash: 37359d00bad6e2d784e977418438cb2e0a59e88c1c03a49d12321db2810e3284
            • Instruction Fuzzy Hash: 9AC176B4528382DFDB25CF58C044B6AB7E4FF84704F04496AFA96CB291E774C949CB62
            Function 01268402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
            Download Yara Rule
            Strings
            • LdrpInitializeProcess, xrefs: 01268422
            • @, xrefs: 01268591
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0126855E
            • minkernel\ntdll\ldrinit.c, xrefs: 01268421
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            • Opcode ID: f7b18a3b14be5dc26ed86a5438b6a3eceba38e69b5cd318446f3053af90b323f
            • Instruction ID: 476cb68316770c5bc3329bd81e6c0452960ed10bab0f3230cd1dd823ba01cfa4
            • Opcode Fuzzy Hash: f7b18a3b14be5dc26ed86a5438b6a3eceba38e69b5cd318446f3053af90b323f
            • Instruction Fuzzy Hash: E7917B71568346AFD722EF65C841FBBBAECFB84744F40092EFA8492191E734D944CB62
            Function 01240C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
            Download Yara Rule
            Strings
            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 012955AE
            • HEAP: , xrefs: 012954E0, 012955A1
            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 012954ED
            • HEAP[%wZ]: , xrefs: 012954D1, 01295592
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
            • API String ID: 0-1657114761
            • Opcode ID: 304c070f28707463513a500b98aba3a91c0624ef914a7e85898c255040d2ecdb
            • Instruction ID: 3a78f1172886338a9cb4101dce68bf0ab9dc2187d7eaf17e0302981cd2926709
            • Opcode Fuzzy Hash: 304c070f28707463513a500b98aba3a91c0624ef914a7e85898c255040d2ecdb
            • Instruction Fuzzy Hash: 84A1E170720346DFDB29DF28C441BFABBE1EF54700F14856DE6868B682D770A884CB99
            Function 0126273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
            Download Yara Rule
            Strings
            • SXS: %s() passed the empty activation context, xrefs: 012A21DE
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012A22B6
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012A21D9, 012A22B1
            • .Local, xrefs: 012628D8
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            • Opcode ID: b5d43605b262c89628cf0ddc1a4ec839d94ed8c0e8f385aeeb20e0d6c41d9959
            • Instruction ID: 3c934a759be275823dca0a4324ea6a055a3e7052d26c9da95b9d63629f59de82
            • Opcode Fuzzy Hash: b5d43605b262c89628cf0ddc1a4ec839d94ed8c0e8f385aeeb20e0d6c41d9959
            • Instruction Fuzzy Hash: D7A1C43192122ADFDB25CF58CC84BA9B7B5BF58354F2441E9DA48A7291D7709EC0CF90
            Function 012364AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
            Download Yara Rule
            Strings
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01290FE5
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0129106B
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01291028
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012910AE
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            • Opcode ID: 4c2a8a9bc6d5fd30755388e40b1e1a4fdd54d316d4ee20088b30dbb2735017a3
            • Instruction ID: 67dd60f5ee9905291c5fd44784da90800ab9f6de3fa18a44d8989ef5bc9c94a0
            • Opcode Fuzzy Hash: 4c2a8a9bc6d5fd30755388e40b1e1a4fdd54d316d4ee20088b30dbb2735017a3
            • Instruction Fuzzy Hash: 5D71C4B1524346AFCB21DF18C885BAB7FACAF94764F400468F9488B186D774D689CBD2
            Function 0125245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
            Download Yara Rule
            Strings
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0129A992
            • minkernel\ntdll\ldrinit.c, xrefs: 0129A9A2
            • apphelp.dll, xrefs: 01252462
            • LdrpDynamicShimModule, xrefs: 0129A998
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            • Opcode ID: 2d6e92f6b045655c62ab91af2c26d2688c84c0157e9880ef35c4334ab55f63dd
            • Instruction ID: 165da8f0230f9543a78828588a40e121c5cb85269a112b15e9092dfa98c54b7a
            • Opcode Fuzzy Hash: 2d6e92f6b045655c62ab91af2c26d2688c84c0157e9880ef35c4334ab55f63dd
            • Instruction Fuzzy Hash: 69310975A20302EBEF31EF5DD886A7A7BB9FB84B14F26001DEE11A7255C7B49941C780
            Function 012429A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
            Download Yara Rule
            Strings
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0124327D
            • HEAP: , xrefs: 01243264
            • HEAP[%wZ]: , xrefs: 01243255
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • Opcode ID: 30719014c83362f662e231460d121895bb1d0130617de5f3455863ed4b2cb96a
            • Instruction ID: 5f68f66ba288d28e3f015404ff18cd396b614868c431999f37e1b20cfe05f779
            • Opcode Fuzzy Hash: 30719014c83362f662e231460d121895bb1d0130617de5f3455863ed4b2cb96a
            • Instruction Fuzzy Hash: 3692DE70A2425ADFDB29CF69D4447AEBBF1FF08300F188099E989AB391D774A941CF50
            Function 012C02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: """"$MitigationAuditOptions$MitigationOptions
            • API String ID: 0-1670051934
            • Opcode ID: 31b4edb72cc583e31c784d29cd855ff51d1ee58d210a86f6c9fda47a991af4cd
            • Instruction ID: 9bbd53ec8c35204b4d5a957d6210bea0addb50c8c0c3eeb0cc0d1b81ffb01558
            • Opcode Fuzzy Hash: 31b4edb72cc583e31c784d29cd855ff51d1ee58d210a86f6c9fda47a991af4cd
            • Instruction Fuzzy Hash: 7E228D76A24702CFD728CF2DC85162ABBE1BBD4B10F248A2EF39A87650D771E504CB45
            Function 01240770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • Opcode ID: 9bbb455578e8fa51fcdf8af6ba50591cf3a73fb07e235e9c0c697d105fda9a69
            • Instruction ID: e7a2437dc08ac7c931246a24d6d201b0250db58b45500e2c96fefd4145da9ade
            • Opcode Fuzzy Hash: 9bbb455578e8fa51fcdf8af6ba50591cf3a73fb07e235e9c0c697d105fda9a69
            • Instruction Fuzzy Hash: E9F1BF74B20606DFEB2ACF68C884BAAB7B5FF44700F1441A9E6069B341D774E981CF94
            Function 01231460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
            Download Yara Rule
            Strings
            • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01231728
            • HEAP: , xrefs: 01231596
            • HEAP[%wZ]: , xrefs: 01231712
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            • Opcode ID: a5310a4d99f9c1298c71dc71f0bcf1cac732cf48735fdebbd49d5fa8df28734a
            • Instruction ID: 546aa7d06a437d9b11115635605249e2601e203e28962aee7e76ca47d287a43e
            • Opcode Fuzzy Hash: a5310a4d99f9c1298c71dc71f0bcf1cac732cf48735fdebbd49d5fa8df28734a
            • Instruction Fuzzy Hash: 71E104B0A242429FDB29DF6CC451BBABBF5EF84300F18855DE696CB286D774E850CB50
            Function 01256962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            • Opcode ID: 9ad97230139b4ca593c716aeb3005e27a8c43f74a7a5d04fa17825d7cbebb30d
            • Instruction ID: a6b4672dfa90bc7fe8cea3ae8a9dd42787114db55a9f822ac40db40b9f0b89b7
            • Opcode Fuzzy Hash: 9ad97230139b4ca593c716aeb3005e27a8c43f74a7a5d04fa17825d7cbebb30d
            • Instruction Fuzzy Hash: E0C291716283429FDB65CF28C881BABBBE5BF88754F44892DEE89C7241D774D804CB52
            Function 0122A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            • Opcode ID: e6e98b349c95273f770ab631d58b8b90839d8f5bacb2779b141bf49545424d4d
            • Instruction ID: 6174f193e48c76bb772be2cdbae68c48cb620d8d2ab7b119e30fe20e5d52c2ec
            • Opcode Fuzzy Hash: e6e98b349c95273f770ab631d58b8b90839d8f5bacb2779b141bf49545424d4d
            • Instruction Fuzzy Hash: 98A1607192162A9BDB31EF68CC88BEAB7B8EF44710F1001E9DA09A7250D7759EC5CF50
            Function 01250BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
            Download Yara Rule
            Strings
            • LdrpCheckModule, xrefs: 0129A117
            • Failed to allocated memory for shimmed module list, xrefs: 0129A10F
            • minkernel\ntdll\ldrinit.c, xrefs: 0129A121
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • Opcode ID: d301fd2f6dcb86878c66ecdf7da29d7e8b2bc73e9a9d7e483ae890b041099f56
            • Instruction ID: 67efca49227a3b6cca7b22c5b71f14fc7a75f6330bb06098397facc911e8f0d2
            • Opcode Fuzzy Hash: d301fd2f6dcb86878c66ecdf7da29d7e8b2bc73e9a9d7e483ae890b041099f56
            • Instruction Fuzzy Hash: 4871ACB0A20206DFDF25EF6CC985BBEB7F8FB44704F14442DEA02A7251E674AA41CB54
            Function 01240A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            • Opcode ID: 1b684b896a6bf6df042c41ff19e36e7b57860d4b67f9f7a35dfed1ed225afe44
            • Instruction ID: 4bc5946310f901696e0c84814adf97bdd7ea886ac066628e88b8369c89abe6cc
            • Opcode Fuzzy Hash: 1b684b896a6bf6df042c41ff19e36e7b57860d4b67f9f7a35dfed1ed225afe44
            • Instruction Fuzzy Hash: 7C617170720302DFDB29DF28C441BAABBE5FF45704F14856EE6558B292D7B0E881CB99
            Function 012DDAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON
            Download Yara Rule
            Strings
            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 012DDC32
            • HEAP: , xrefs: 012DDC1F
            • HEAP[%wZ]: , xrefs: 012DDC12
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
            • API String ID: 0-3815128232
            • Opcode ID: bf771fe9d658ab8515f1b08a11f47edce6aa0009c7d2c2f8d9483648860fa08c
            • Instruction ID: e9cf575909a05ed06e0e4c0c5ad4e2a4d57e7e2203197260bd08ada6bc557666
            • Opcode Fuzzy Hash: bf771fe9d658ab8515f1b08a11f47edce6aa0009c7d2c2f8d9483648860fa08c
            • Instruction Fuzzy Hash: CB5157352349198EE334DEADC8457727BE1EF45348F14884EE6C28B5C5E2B6E803DB21
            Function 0126C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
            Download Yara Rule
            Strings
            • Failed to reallocate the system dirs string !, xrefs: 012A82D7
            • LdrpInitializePerUserWindowsDirectory, xrefs: 012A82DE
            • minkernel\ntdll\ldrinit.c, xrefs: 012A82E8
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            • Opcode ID: 96e711dd21f165c84a158a8a0ce99188b9d391b062e434ba5f3525ec643346c6
            • Instruction ID: a848e2c42045e48c3641b46f6a922e2cc984129c3385d94c9b6e590a0d691b80
            • Opcode Fuzzy Hash: 96e711dd21f165c84a158a8a0ce99188b9d391b062e434ba5f3525ec643346c6
            • Instruction Fuzzy Hash: EC41CEB1564316ABC736FF68D841B6B77ECAF48750F00492EFA8897290E774E8508B91
            Function 012EC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
            Download Yara Rule
            Strings
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012EC1C5
            • @, xrefs: 012EC1F1
            • PreferredUILanguages, xrefs: 012EC212
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            • Opcode ID: b89090de243aa9563e8954c44e1b9e22364867fc72a06cef4e7b469f4edd8813
            • Instruction ID: 18d3c2d608f8707ef765997fb10d9dc34bc65ee02be66112089ac3e0a32fee1e
            • Opcode Fuzzy Hash: b89090de243aa9563e8954c44e1b9e22364867fc72a06cef4e7b469f4edd8813
            • Instruction Fuzzy Hash: 11418372E2021AEFDF11DBE8C895FEEBBF8AB14710F40406AE609B7240D7749A54CB50
            Function 012C4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            • Opcode ID: 2a118d7dff9080b42afc8f4fec5e233d2d3936acb0cb7fee263c86cad9d44dc2
            • Instruction ID: 17412420ed6218e9de80e7dcd66794bb51c01cf077d2653d075ef1161d07058e
            • Opcode Fuzzy Hash: 2a118d7dff9080b42afc8f4fec5e233d2d3936acb0cb7fee263c86cad9d44dc2
            • Instruction Fuzzy Hash: 77413531A20299CBEB26EB98C851BAEBBB5FFA5740F14015DDB41EB381D7748900CB11
            Function 012B4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            • LdrpCheckRedirection, xrefs: 012B488F
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 012B4888
            • minkernel\ntdll\ldrredirect.c, xrefs: 012B4899
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            • Opcode ID: e7899ba73a08c8c66563c6326c57d67767224f79cb330b2882c12e1bdb5f91f6
            • Instruction ID: 06507363c47856f8f3ed7ae68946ec87eeaaf249d75166fb0260f28f49aacaa7
            • Opcode Fuzzy Hash: e7899ba73a08c8c66563c6326c57d67767224f79cb330b2882c12e1bdb5f91f6
            • Instruction Fuzzy Hash: C741D472A202D29FCB21EF1CD8C1AA67BE4AF49790F05055DEE8A97253D330E800CB91
            Function 012B07C3 Relevance: 3.9, Strings: 3, Instructions: 114COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $h4;$3+4$3+4(
            • API String ID: 0-3389537135
            • Opcode ID: 12249cdcf76a8e2cd41b8f5f90e383c5eaa4afcec752f1371a1993dd3c45aded
            • Instruction ID: 0e62a6a0ea7798ebe62c8379e0209707fa3e8274502b4d3bddbf63f045c262d3
            • Opcode Fuzzy Hash: 12249cdcf76a8e2cd41b8f5f90e383c5eaa4afcec752f1371a1993dd3c45aded
            • Instruction Fuzzy Hash: 384180715243419FD721DF29C845BABBBE8FF88754F104A2EF998C7251D7709904CB92
            Function 01240BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            • Opcode ID: 0351c70d95687c316a31ffef1ebe9fc22da4b11bd4cc06ef41164c1b2bea9958
            • Instruction ID: 3e0b55d5fc5b0a4762bb8ce01c9a46a08ccf059afec070fcf906250584b6b86d
            • Opcode Fuzzy Hash: 0351c70d95687c316a31ffef1ebe9fc22da4b11bd4cc06ef41164c1b2bea9958
            • Instruction Fuzzy Hash: CC11AF313751429FDB6EDE18C442BBAB3A5EF40615F18812EF606CB251EB74D880CB59
            Function 012B20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
            Download Yara Rule
            Strings
            • Process initialization failed with status 0x%08lx, xrefs: 012B20F3
            • minkernel\ntdll\ldrinit.c, xrefs: 012B2104
            • LdrpInitializationFailure, xrefs: 012B20FA
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            • Opcode ID: 8b954d804e9502c5f34d2fc96010c177e2e6ae4546d9127a20d36bae16ea2578
            • Instruction ID: a8ba3cb8f1d3472182576c11008f3f4272e167e51f378b996c27b76d964178a0
            • Opcode Fuzzy Hash: 8b954d804e9502c5f34d2fc96010c177e2e6ae4546d9127a20d36bae16ea2578
            • Instruction Fuzzy Hash: 13F0C835670309EBE734EA4CDC42FEA37ACEB54B54F110059FB0077686D2B0A540C651
            Function 012403E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            • Opcode ID: 0065dab922fff9f9e8fc0fecfcd54c9c9aa20bb9a4785f9afd53b3c0a81b2564
            • Instruction ID: 11ea9e1d82a03113376f60048ea6a598f5424a9639e28396f0f76d6f38a15f09
            • Opcode Fuzzy Hash: 0065dab922fff9f9e8fc0fecfcd54c9c9aa20bb9a4785f9afd53b3c0a81b2564
            • Instruction Fuzzy Hash: D7715A71A2014A9FDB05EFA8C990BAEB7F8FF18344F144065EA05EB251EA34ED41CB64
            Function 012452A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$@
            • API String ID: 0-149943524
            • Opcode ID: e56b2bd664a52cd4408c9588b5dfeb6dab1f935fdfa75d3d7528dd3924585448
            • Instruction ID: 853f10f68c3e923e52a1d3cd0476495549fb95d6460bbfd8b32ae967948eeca3
            • Opcode Fuzzy Hash: e56b2bd664a52cd4408c9588b5dfeb6dab1f935fdfa75d3d7528dd3924585448
            • Instruction Fuzzy Hash: 2C325A705283528FDB29CF19C484B3ABBE1EF84744F14492EFAD59B290E774D984CB92
            Function 0123A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
            Download Yara Rule
            Strings
            • LdrResSearchResource Enter, xrefs: 0123AA13
            • LdrResSearchResource Exit, xrefs: 0123AA25
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • Opcode ID: add98a2a36b6f89ef529f59b0972581dfb0e5cc518def8b753602e1a2b62e216
            • Instruction ID: 695164af373c953d7227860d5791b1caf7dd00a15235796e103b48dc3f06d8f9
            • Opcode Fuzzy Hash: add98a2a36b6f89ef529f59b0972581dfb0e5cc518def8b753602e1a2b62e216
            • Instruction Fuzzy Hash: 28E194B1A2020AEBEF25CE9DC980BAEBBBABF54710F104535EA41E7251E7749941CB50
            Function 012FA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction ID: 346e5e027823e2000925cd581edaf00155673869b2eb0a53f3ae9520c5680834
            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction Fuzzy Hash: 3CC19B312243469BEB25CE28C845B6BFBE5EF94318F084A3CF79A8B290D774D545CB91
            Function 01230CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
            Download Yara Rule
            Strings
            • ResIdCount less than 2., xrefs: 0128EEC9
            • Failed to retrieve service checksum., xrefs: 0128EE56
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
            • API String ID: 0-863616075
            • Opcode ID: 061ca6341df8b45b035ca91a4d92fc4a1270c88319812c91b83014b71729dda8
            • Instruction ID: 4a689d4c0ff2029f83dbd81ef4ce0c54ac986368f72569fd3e1f9c410cf377ad
            • Opcode Fuzzy Hash: 061ca6341df8b45b035ca91a4d92fc4a1270c88319812c91b83014b71729dda8
            • Instruction Fuzzy Hash: 2AE1E3B19187459FE324CF15C441BABBBE4FBC8315F008A2EE69987380DB719909CF56
            Function 012AE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • Opcode ID: 906eca0418918180a7a6cdfa6481802154c3fd5ec84a6e51d8f8e08809d05efc
            • Instruction ID: c9d8291eba2254a2b183a02b237107a5061a26f7e72d98411d505eaf1eadaaa8
            • Opcode Fuzzy Hash: 906eca0418918180a7a6cdfa6481802154c3fd5ec84a6e51d8f8e08809d05efc
            • Instruction Fuzzy Hash: 94615CB1E203099FDB15DFA8C880BAEBBB9FB54700F55402DE649EB291D731A901CB50
            Function 012D43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            • Opcode ID: b026bb2cfcc0cbad8a59dda31f54c2b7b70e3d3ca9af0a2b26e65a47e411dcd6
            • Instruction ID: 3f1634e5052e9541f522fa56e5aee0145415d4a7bad3a074574283c05db50ff4
            • Opcode Fuzzy Hash: b026bb2cfcc0cbad8a59dda31f54c2b7b70e3d3ca9af0a2b26e65a47e411dcd6
            • Instruction Fuzzy Hash: 2C5129B1D1025EAFDF11EFA9CC80AEEBBB8EB54754F100529EA11B7690D6309D45CB60
            Function 012304E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
            Download Yara Rule
            Strings
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0123063D
            • kLsE, xrefs: 01230540
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            • Opcode ID: 53cd28d4cc40daf7490fcd73532804ea98d173a53f71d23144b299dd9062150f
            • Instruction ID: 054cad9c1f91e8f336d1779d65da859d8a0ba3aab7cd9287b256beab7784c317
            • Opcode Fuzzy Hash: 53cd28d4cc40daf7490fcd73532804ea98d173a53f71d23144b299dd9062150f
            • Instruction Fuzzy Hash: AF519CB15247428FD725EF69C5406A7BBE4AFC4304F10483EFAAA87281E770D545CFAA
            Function 0123A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
            Download Yara Rule
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 0123A309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 0123A2FB
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • Opcode ID: e9a7f0931d564088029bf6e0b808fe01eb6e536cc30cc652c4486a664b897767
            • Instruction ID: b1f08dc7f4831801e0ad9b189067b92305849ddc25e8450c697c0fa1b7e22e32
            • Opcode Fuzzy Hash: e9a7f0931d564088029bf6e0b808fe01eb6e536cc30cc652c4486a664b897767
            • Instruction Fuzzy Hash: EA41D1B1A24656DBDB15CF5DC890BAEBBF4FF84700F2440A9EA45DB2A1E3B5D900CB50
            Function 0126A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • Opcode ID: 081f7546710cacbb2cc1014f99723b412a345107f1a3ee21b5f0f7a96043ea58
            • Instruction ID: c466a24a28079f54036279da6bd9b5a8639db2fcb2bc790f24746c11f95e046f
            • Opcode Fuzzy Hash: 081f7546710cacbb2cc1014f99723b412a345107f1a3ee21b5f0f7a96043ea58
            • Instruction Fuzzy Hash: 0101DCB2260744AFD322DF24CD4AB2677ECEB94B25F008939E658C71D0E374E844CB86
            Function 0123C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • Opcode ID: 7ac87e05c6766cfe8574ba112a33a956be1ad2f844c28429a0df65250fd48b85
            • Instruction ID: 29a4b48f9536fe10913b1458d0e4870bf631998598610a05bcd4b336371d1910
            • Opcode Fuzzy Hash: 7ac87e05c6766cfe8574ba112a33a956be1ad2f844c28429a0df65250fd48b85
            • Instruction Fuzzy Hash: 50827CB5E202198BEB25CFA9C8807EDBBB5FF88710F14816ADA19BB251D7709D41CF50
            Function 01282F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: P`vRbv
            • API String ID: 0-2392986850
            • Opcode ID: 3a719dbf6bf41850801db526e3d609278074d7a0fee790c8e94d9a9578caab0f
            • Instruction ID: 1f6f154f9cd8833936bf80d7c0ee141db8d95c69d35488a6d63bf4085b246d83
            • Opcode Fuzzy Hash: 3a719dbf6bf41850801db526e3d609278074d7a0fee790c8e94d9a9578caab0f
            • Instruction Fuzzy Hash: B442F371D2625BAEEF29FBACD8456BDBBB0FF04B14F14801AD641AB2C0D674C981CB54
            Function 012DCD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
            • Instruction ID: 77af848c6fceec41c6a97b6e5d77b3761b89b0ee85026c46a652a067ff9801e8
            • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
            • Instruction Fuzzy Hash: F7622770D012188FCB98DF9AC4D4AADB7B2FF8C311F608199E9816BB45C7356A16CF60
            Function 01252E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: 0
            • API String ID: 0-4108050209
            • Opcode ID: 3b711abc35833a545448ba7d2dad683841255168f68c5301f87f0f19ddf9cb58
            • Instruction ID: ca6a5fd8aea683b32c2e1638db743fce17a16299ceb6d5d0d555ba60d2a25ae3
            • Opcode Fuzzy Hash: 3b711abc35833a545448ba7d2dad683841255168f68c5301f87f0f19ddf9cb58
            • Instruction Fuzzy Hash: F0F18171624746DFDBA5CF28C4C0A6ABBE1BF88790F04982DEE4987341DB34D945CB52
            Function 01232FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: PATH
            • API String ID: 0-1036084923
            • Opcode ID: 92f8dd4c6047c98b8269a2918147da43d807938f1de4823918759a6395c8eff4
            • Instruction ID: 4911bb5bd4044370c8c8e7646d517da539cfd57cc96d92da481338d9b135af70
            • Opcode Fuzzy Hash: 92f8dd4c6047c98b8269a2918147da43d807938f1de4823918759a6395c8eff4
            • Instruction Fuzzy Hash: 3BF1B0B1E20219DBDB25DF98D881ABEBBB5FF88710F444029EA41EB350D7749E41CB91
            Function 012BEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: __aullrem
            • String ID:
            • API String ID: 3758378126-0
            • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
            • Instruction ID: 6fbd858e25c524a46b348bb2961cf690fad2bdc33e791dc1b7a20957ad80befc
            • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
            • Instruction Fuzzy Hash: C241A072F2012A9BDF18DFB9C8805BEF7F2FF88310B188639D615E7294D675A9118780
            Function 012E1AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: .
            • API String ID: 0-248832578
            • Opcode ID: 36bedd9f5df5400dbfeeb0adff6e1772f37a49152f71a14fb3ebba1c7bf10c29
            • Instruction ID: 7bf5dd3beb4ed86d054a084771d67f9b1213fa310c42f8d4ecce4b9404ceeb8b
            • Opcode Fuzzy Hash: 36bedd9f5df5400dbfeeb0adff6e1772f37a49152f71a14fb3ebba1c7bf10c29
            • Instruction Fuzzy Hash: 92E1CD74D102698BCF25DFA9C4446BDBBF1FF04700F98812AE985EB291E7749CA2CB40
            Function 01230100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: ff87b6da7c4cf00aa997449f54c84a77960d01279dc111488f8e201d20c31397
            • Instruction ID: 1674b515372b526a74c82b24fd11b763e01082a74657ed8efe18ec7da0ae2834
            • Opcode Fuzzy Hash: ff87b6da7c4cf00aa997449f54c84a77960d01279dc111488f8e201d20c31397
            • Instruction Fuzzy Hash: D3A14BB1A3426A6BDF259A288841BFE7BA49FD4704F054099FF86672C1D6B4C940CB78
            Function 012E4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 770463eddc2f22521b040b68b840fd307d371a22679267f4aeed2881f71338dc
            • Instruction ID: c7f6c4576df443b00d85f8c994bc6eff5083bb4b40467c6cebadd3ef291996cb
            • Opcode Fuzzy Hash: 770463eddc2f22521b040b68b840fd307d371a22679267f4aeed2881f71338dc
            • Instruction Fuzzy Hash: 1CA109316303E56ADF39EE28884DBFD2BE49F56714F840498AF85DB281C7B4D944CEA0
            Function 012B6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 55a2e0c63ef31badc9cd2f4cfde8b7e6ae1beb43b62af930de7999aab7a440d8
            • Instruction ID: 2347217fa3e925a189c400903d77e3af743ffe333b3d7748196d1a6d9d905fe2
            • Opcode Fuzzy Hash: 55a2e0c63ef31badc9cd2f4cfde8b7e6ae1beb43b62af930de7999aab7a440d8
            • Instruction Fuzzy Hash: A1916272A5121AAFEB25DF95CC85FEE7BB8EF14790F100055F700AB191D674AD00CB64
            Function 012DE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: c2af8c5bd63fc577b9277475f91cd2991be2e5a0ae6512585b196fc829454a70
            • Instruction ID: bcee7b4d58bffe26a90c0ed33bf0424ae44c63ef36cecc7d0a094f782bd638d3
            • Opcode Fuzzy Hash: c2af8c5bd63fc577b9277475f91cd2991be2e5a0ae6512585b196fc829454a70
            • Instruction Fuzzy Hash: 0991B131A2064ABFDB26AFA5DC84FBFBB79EF55740F110029F601AB250DB749901CB90
            Function 0126A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • Opcode ID: 2139f51acba2cde4268660e2257c9d8df92a19b3dc9a1e942d29728ef1d27d02
            • Instruction ID: 0a84917c6a6e9f8f06dd81c5c1fe0f38e02034d1135570999a1256fb5d024bb7
            • Opcode Fuzzy Hash: 2139f51acba2cde4268660e2257c9d8df92a19b3dc9a1e942d29728ef1d27d02
            • Instruction Fuzzy Hash: BC718FB5E2020ACFDF28CF9CD9916ADBBB5FF48700F58812EEA05A7240E7708845CB50
            Function 012D4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • Opcode ID: 7e2525b2865ab8da9c950e3c829d12c138a8edcc3ad8a2d8201292e8d62d772b
            • Instruction ID: 122667f0480d8eac2e95a79bf53431027834eb5b500c7894b43b9ab2c5ffd383
            • Opcode Fuzzy Hash: 7e2525b2865ab8da9c950e3c829d12c138a8edcc3ad8a2d8201292e8d62d772b
            • Instruction Fuzzy Hash: 9151B172D2026A9BDF11EF99D840ABEBBB4BF14A10F05412AEA11BB650D7749C01CFE5
            Function 0124E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • Opcode ID: edff46dba87e71208d3c5781585cd6e5d42ae1def027ffeea45212a57096e0fa
            • Instruction ID: 1cb312c0d5247f38eead9945c923c6b33877dcbb1e46479c2ee2bfe47148b551
            • Opcode Fuzzy Hash: edff46dba87e71208d3c5781585cd6e5d42ae1def027ffeea45212a57096e0fa
            • Instruction Fuzzy Hash: 5F41B4725283029BE719DB79C880B6BB7D8BF98724F450D2DFA84D7180E778D904C796
            Function 012AC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: cf9947124051fa5d7294c9b10e9df5f9158352b00955df33c2f477f508b88b74
            • Instruction ID: ed2c551c0164e976c83db4bd40613c3b39172cab8dfffed0350de14091b20ba2
            • Opcode Fuzzy Hash: cf9947124051fa5d7294c9b10e9df5f9158352b00955df33c2f477f508b88b74
            • Instruction Fuzzy Hash: 924143B1D1022DAFDB21DA50CC84FEEB77CAB44724F4045E5EB08AB140DB709E998FA4
            Function 012C6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: 2905585d22ba068696115cfce7c0eaa95255e1805d6c029e0e6aad98d6337f27
            • Instruction ID: dc8cc0ee0351689e7cc93d9112fe6fec2c57c908455d0a704a47e0e357dc1b36
            • Opcode Fuzzy Hash: 2905585d22ba068696115cfce7c0eaa95255e1805d6c029e0e6aad98d6337f27
            • Instruction Fuzzy Hash: 48312831A2074A9BEB22DF69C844BFE7BA8DF04B04F14412CEB41AB382D775D905CB50
            Function 012ACA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: 547a160d1cf70f6a17f509a31e4f656fb6028caf563fe8b7a5cc7cb074a3fadf
            • Instruction ID: 9fdc660f713478c6d06af6334571e8e5c8582eea0eddac9dab81ce71f2838194
            • Opcode Fuzzy Hash: 547a160d1cf70f6a17f509a31e4f656fb6028caf563fe8b7a5cc7cb074a3fadf
            • Instruction Fuzzy Hash: E031453692051AAFEB15DB58C841EBFFB74EF80720F014429EA01A7250E7319E10DBE0
            Function 012B892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
            Download Yara Rule
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 012B895E
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: b41e9e42b9f34e12f81c2b01cc9c1f9975a8cea308248dfdccd4fdc1ff384d55
            • Instruction ID: 81ece34174124112cd2d92fc6b2c22203b4e27ad28e843881a4f31768c47142d
            • Opcode Fuzzy Hash: b41e9e42b9f34e12f81c2b01cc9c1f9975a8cea308248dfdccd4fdc1ff384d55
            • Instruction Fuzzy Hash: 8201D471230B269BEB306E5598C4BFA7B69EF867D4F04041CE74906691CB30A880C792
            Function 0126E8F0 Relevance: 1.0, Instructions: 985COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0573ff0a26a675a87ae5154e5009231a62430c6d9afc6099f3e89b7003407b67
            • Instruction ID: 746b6e2980bc8278283ebdb301a736c97152b6db82988d71f948c2a1d486d172
            • Opcode Fuzzy Hash: 0573ff0a26a675a87ae5154e5009231a62430c6d9afc6099f3e89b7003407b67
            • Instruction Fuzzy Hash: 92822472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
            Function 0127516C Relevance: .8, Instructions: 785COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4c982c341fc85eb9b2cdbded59e08d5ccc609ec90a0abce94b32e84f6d99a221
            • Instruction ID: 3cb3c85b4cad4aba9367f5fa739c75f44e321dc8bc809e49d95385b4eb588eec
            • Opcode Fuzzy Hash: 4c982c341fc85eb9b2cdbded59e08d5ccc609ec90a0abce94b32e84f6d99a221
            • Instruction Fuzzy Hash: 6362DD3281868BAFCF25CF08E4914AFFB62FE51314B49C65CD99A27609D371BA44CBD1
            Function 012D2000 Relevance: .8, Instructions: 757COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f615104bc9b6e0fc126dc611382b16aef24de0a1fa291f9bb134b9fdf19d980e
            • Instruction ID: 3dddd128fa9cf2b69d755709dad0af162d2cc4a506ad6e5cecd5399a023ca71e
            • Opcode Fuzzy Hash: f615104bc9b6e0fc126dc611382b16aef24de0a1fa291f9bb134b9fdf19d980e
            • Instruction Fuzzy Hash: 0142B031628342DFE725CF68C891A6BBBE5AF88300F58492DFA92D7250D771D845CB52
            Function 0128739A Relevance: .7, Instructions: 705COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86d3a98d9b0b43963eb131524479076ab17f207493fb34fb3e854ff623be8a62
            • Instruction ID: 729b52b7ce17828e4e8ea17ce4684ed35b53d1ce8eaeef6b6d60c24448cadeae
            • Opcode Fuzzy Hash: 86d3a98d9b0b43963eb131524479076ab17f207493fb34fb3e854ff623be8a62
            • Instruction Fuzzy Hash: 6442B371A216168FDB19DF5DC4806BEFBB2FF88314B24816DDA52AB381D734E841CB90
            Function 01285AA0 Relevance: .7, Instructions: 652COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
            • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
            • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
            • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
            Function 0125B2C0 Relevance: .6, Instructions: 629COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4efc6008f0caaf23ba2a31ca7d94af3745dfefdd428fbfbe0c1587d6ace2f9a9
            • Instruction ID: 15a7d62b57aa8084c4a1d3bf3697b2246c0bf903374dcf4c53f9c49447c6f332
            • Opcode Fuzzy Hash: 4efc6008f0caaf23ba2a31ca7d94af3745dfefdd428fbfbe0c1587d6ace2f9a9
            • Instruction Fuzzy Hash: B8329D71E2021A9BDF24DF68D895ABEBBB2FF54714F180029ED05AB391E7359901CB90
            Function 012C8158 Relevance: .6, Instructions: 617COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c0e354380eebdb3ce730166f2ae7110102b6a97cdc3d916ef189b390f33092e4
            • Instruction ID: 8c7fb1a71833f453ce1f7f36d173c14633fd9f6a220b5c431d9551470c7f20d1
            • Opcode Fuzzy Hash: c0e354380eebdb3ce730166f2ae7110102b6a97cdc3d916ef189b390f33092e4
            • Instruction Fuzzy Hash: F6425D75A202199FEB24CF69C881BADBBF5BF48700F14C19DEA49EB241D7349985CF50
            Function 01242840 Relevance: .6, Instructions: 605COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4d3a4936f05092685f1116be36e5c048b55e935546eb0be71c9e392e48ebc913
            • Instruction ID: 52c63cbeebc0b58ae407ff33e9fcc27a1e7f2357fa0c3276b97fdc8194bda4f7
            • Opcode Fuzzy Hash: 4d3a4936f05092685f1116be36e5c048b55e935546eb0be71c9e392e48ebc913
            • Instruction Fuzzy Hash: 9B32BB70A206568FEF29CF6DC8447BEBBF2BF84304F24411DE6869B684D775A845CB90
            Function 012DA118 Relevance: .6, Instructions: 591COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aaea2d26f1947235ad2a8202ce1034c3eef7d3d7811df999b606da2c662a7812
            • Instruction ID: cc2b7576589d0ab79e5a513e8d07485a1eac3b518bf27bf60905406bacc09b82
            • Opcode Fuzzy Hash: aaea2d26f1947235ad2a8202ce1034c3eef7d3d7811df999b606da2c662a7812
            • Instruction Fuzzy Hash: 5322CF706346628FEB29CF2DC095B76BBF1EF44300F18845ADA968F286D7B5D452CB60
            Function 012F16CC Relevance: .6, Instructions: 571COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6157526feac9c8d61010a34234579c16891add633d9aad0d9104c9ff5dd33b22
            • Instruction ID: b036bd183190643ebeb474affc3030891778bef2c70f13c66de74e479ec506b6
            • Opcode Fuzzy Hash: 6157526feac9c8d61010a34234579c16891add633d9aad0d9104c9ff5dd33b22
            • Instruction Fuzzy Hash: D522DF30A20216CFDB19CF59C490ABAF7B2BF88314F64416DDB559B385EB30E952CB90
            Function 0125FB80 Relevance: .6, Instructions: 559COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06af746baacd5c56414703490205ebb7f79e81a24345d4bcefb0b6206380666d
            • Instruction ID: 16674db032c7f737ab5f2bb298a1b86b09dc5d158d7c878963528ebbd943a3a3
            • Opcode Fuzzy Hash: 06af746baacd5c56414703490205ebb7f79e81a24345d4bcefb0b6206380666d
            • Instruction Fuzzy Hash: F122D57092020ADFDF15DFA8C880BBEBBB5FF48310F548169EA15AB245E734DA45CB94
            Function 01258DBF Relevance: .6, Instructions: 554COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 323adc96130f32c7d5745e0d3a3611c0bf3ca208ff54c38962a5f35431ffeb9e
            • Instruction ID: e60a71d7f25a995e488da1a3eac75c3609171b585fb2ca5f17302c41b778398b
            • Opcode Fuzzy Hash: 323adc96130f32c7d5745e0d3a3611c0bf3ca208ff54c38962a5f35431ffeb9e
            • Instruction Fuzzy Hash: 2A226B70E2021ADBCF55CFA9C4809BEBBF6FF48304B54805AEA45AB201E774D981DB64
            Function 01236A50 Relevance: .5, Instructions: 548COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2597092fb8e90559f1a0ab910e2eb6893f53d855092c2c7416dad5abf359091e
            • Instruction ID: 9f15d942316b88da157572d601a898918f491640d699d87e308edf3b609611e3
            • Opcode Fuzzy Hash: 2597092fb8e90559f1a0ab910e2eb6893f53d855092c2c7416dad5abf359091e
            • Instruction Fuzzy Hash: A732CEB0A20206DFDB25CF6DC480BAABBF5FF88310F14456AEA55AB391D770E951CB50
            Function 012F2446 Relevance: .5, Instructions: 485COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a37232b09ff04e70ebcdd16d1f53bead725beb7002e5e2d7bd49db256cd03976
            • Instruction ID: 419f771e4c7c43b204d6a59ad67c657e926c1a6d6d03f2263e74a49e2520570e
            • Opcode Fuzzy Hash: a37232b09ff04e70ebcdd16d1f53bead725beb7002e5e2d7bd49db256cd03976
            • Instruction Fuzzy Hash: 4302C074624652CBEB28CF2EC451275FBF1AF46300F5481AEEB96DB282D734D842DB60
            Function 01285630 Relevance: .5, Instructions: 458COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
            • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
            • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
            • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
            Function 012F41A2 Relevance: .5, Instructions: 452COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 995fc43c8cb9f9bf242179efba1ba4dc3f6d5865bf7de41d539562df1489847f
            • Instruction ID: 88b9048d54f14dbc9090ddedde4798d7b608d97654d27ae619e5dc42e088335b
            • Opcode Fuzzy Hash: 995fc43c8cb9f9bf242179efba1ba4dc3f6d5865bf7de41d539562df1489847f
            • Instruction Fuzzy Hash: 27027A71E102868FCB05DF58D4906AEFBB2FF58314F28817DD655AB355D3B0AA42CB50
            Function 0130B16B Relevance: .4, Instructions: 450COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2d891758efe2a28ee6a423ac81b1bf523c4d14caca3b202fd68ee92d65feb21
            • Instruction ID: 06307f1e0cc9f07121d280d1983b13282cd7e27ce48466cd49f60d9f39b976ef
            • Opcode Fuzzy Hash: b2d891758efe2a28ee6a423ac81b1bf523c4d14caca3b202fd68ee92d65feb21
            • Instruction Fuzzy Hash: B8F10676E002158BCB19CF6DC9A067EFBF5EF9821471A416DD896EB3C5E634EA00CB50
            Function 0130A9A6 Relevance: .4, Instructions: 425COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2a989c97a0ded654b652e2cb69302a0c4ad34de65df9877feb3d8b15b414486
            • Instruction ID: b8aa734121ee826192af3ffe44b2857ed7e862ce20b0bcb5d0c587a6fc17071d
            • Opcode Fuzzy Hash: b2a989c97a0ded654b652e2cb69302a0c4ad34de65df9877feb3d8b15b414486
            • Instruction Fuzzy Hash: 71F1C472E006269BCB1ACE68D5B05BDFBF5AF54214B194269D856EB3C0D734EE40CB90
            Function 01254A35 Relevance: .4, Instructions: 423COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction ID: d82c3a9a27850ea9a57c9e25b2ab3c064fa3cd28db005fc066ad8642e5a42960
            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction Fuzzy Hash: 34F17D71E2124A9BDF55DF99D480BAEFBF5BF48714F048129EE05AB240E774E881CB50
            Function 012E2F30 Relevance: .4, Instructions: 412COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 80ec30979091ee07ffe46ade4abc84bcd864a0afe335be769d3da3190174d0e4
            • Instruction ID: eee62cc370088024559703f08d882bbcf81113d048c41a51c09d0e989bc53042
            • Opcode Fuzzy Hash: 80ec30979091ee07ffe46ade4abc84bcd864a0afe335be769d3da3190174d0e4
            • Instruction Fuzzy Hash: 2BE12471A20286DFDB24CFACC4497FEBBF1BF44311F88841ED586AB281D675A985CB50
            Function 012C892B Relevance: .4, Instructions: 386COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58c68dea28498cde863ab9bad6e6db5766cbf1b0c20bcd22dbc33ddfa587f701
            • Instruction ID: 6b00f8d6f1feb17518cb342e4f163c071b0dfc1889963e5b8efd1173d6122b0b
            • Opcode Fuzzy Hash: 58c68dea28498cde863ab9bad6e6db5766cbf1b0c20bcd22dbc33ddfa587f701
            • Instruction Fuzzy Hash: DAD1F371A2061A9BDF19CF68C841AFEB7F1AF88B04F18C26DDA55E7241E735E901CB50
            Function 012365D0 Relevance: .4, Instructions: 383COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 38dc6de8439f81f555dd80bfcb632d5648b2751dff4352834bef7c6e458107a0
            • Instruction ID: 45071660d79976352047a413300b38c29e4ff67a063b1239715cfdc352820f0f
            • Opcode Fuzzy Hash: 38dc6de8439f81f555dd80bfcb632d5648b2751dff4352834bef7c6e458107a0
            • Instruction Fuzzy Hash: 06E18DB1618342DFC715CF28C090A6ABBE4FFC9314F05896DEA9587351DB71EA05CB92
            Function 01228397 Relevance: .4, Instructions: 380COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cb0a4134191dde27d518ef41552a8aeabf8c71cc99a69648c47ef8aa4c5939d8
            • Instruction ID: e7ec48e702d02e2c0915643575b3099b9e4602452cba069b6e40e4a77462e9ec
            • Opcode Fuzzy Hash: cb0a4134191dde27d518ef41552a8aeabf8c71cc99a69648c47ef8aa4c5939d8
            • Instruction Fuzzy Hash: 3DD1D271A20227AFDB18DF68C891ABE77E5FF54308F04422DEA15DB281E774E954CB60
            Function 0125C6E0 Relevance: .4, Instructions: 367COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 25f8d9bc62755a01f5e09c50da837da196e4f2cf5d79d984dbfd3434af890b2b
            • Instruction ID: 3d46195a8a1a3c4373723f39d6a8f9c0ba9fc89a69551da92ab1984aa881568b
            • Opcode Fuzzy Hash: 25f8d9bc62755a01f5e09c50da837da196e4f2cf5d79d984dbfd3434af890b2b
            • Instruction Fuzzy Hash: B0D18F71E2431A8BEF69CE9CC5C53BDBBB9FB44310F14402ADE42AB295E7B48951CB40
            Function 012438E0 Relevance: .3, Instructions: 349COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5b699a70f25bf44470c999e936b933d2f13d01698223b35319ed0cb66137a0fc
            • Instruction ID: 8541ec7254a30e1a9e4ee3e4fdffa07e462a41d5a62943c4bc763090ba8d5f7e
            • Opcode Fuzzy Hash: 5b699a70f25bf44470c999e936b933d2f13d01698223b35319ed0cb66137a0fc
            • Instruction Fuzzy Hash: 89E1BD75A10216CFDB28CF59C891BAABBF1FF58310F148159E955EB391E730EA41CBA0
            Function 013095C3 Relevance: .3, Instructions: 326COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee34f27a2544183daf5a846cf8d3f0b653cc4daa8daaac90d8b782f9b48c559c
            • Instruction ID: 5ad72c28734e1e62b0e7992889e0525aebc6ba9cda14e670fe9063b93ce983c2
            • Opcode Fuzzy Hash: ee34f27a2544183daf5a846cf8d3f0b653cc4daa8daaac90d8b782f9b48c559c
            • Instruction Fuzzy Hash: A5B19BB1910125AFFB2ACB24CC55FBB76ECEB04754F044299B91DE62C1DB70AF808B60
            Function 012B8243 Relevance: .3, Instructions: 322COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction ID: 63e84e173a2d75d2d966c5d67354b9daec6a1ebfe623907b6fcf3b83f9b658b1
            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction Fuzzy Hash: 18B19574A106069FDB24DF98C980EFBBBBDFF84344F10445EAA4697791DA34E945CB10
            Function 01240535 Relevance: .3, Instructions: 300COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction ID: a21bf65402d2f8e74fb55a71091ebbbab497fc658030d9263b03f5d2cecc72a7
            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction Fuzzy Hash: C6B1D331624646AFDB2ADB68C950BBEBBF6FF48200F140159E7529B281D770E981CB94
            Function 012383C0 Relevance: .3, Instructions: 281COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0c52a3d12b0ba47d9208d5d11aaa16c1c465351856bff7e8640b47624776ff19
            • Instruction ID: 9f3c59bb2e63f8e21549754357652e26d951b3d62f261336bf10a80ebfea1f79
            • Opcode Fuzzy Hash: 0c52a3d12b0ba47d9208d5d11aaa16c1c465351856bff7e8640b47624776ff19
            • Instruction Fuzzy Hash: 0EC15AB41283428FDB64CF19C484BABB7E5FF88304F44496DEA898B291D774E945CF92
            Function 0122C427 Relevance: .3, Instructions: 280COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7973fd406f412b80f92f305aed40cd2ae1c08b8f408d59cd56055b8c6ffb88ce
            • Instruction ID: b70464577ba860335623489bff55cde6b3afe874ab44951a79c539d2eb9c8647
            • Opcode Fuzzy Hash: 7973fd406f412b80f92f305aed40cd2ae1c08b8f408d59cd56055b8c6ffb88ce
            • Instruction Fuzzy Hash: 58B17370A202669BDB74DF58D890BBDB3B5EF44700F0485EAD50AE7281EB70DD96CB21
            Function 0125E5E7 Relevance: .3, Instructions: 278COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dabec14fc04eb7c164a17e0f18e744cbafa06476ffca123fbc64eff87e840718
            • Instruction ID: 664f54f0977668b8ab2180f8f7d2a40e6fe3fb6c1fc0f03bee4aaed6c0ec0493
            • Opcode Fuzzy Hash: dabec14fc04eb7c164a17e0f18e744cbafa06476ffca123fbc64eff87e840718
            • Instruction Fuzzy Hash: 5DA11231E30256AFEF61DF9CC984BAEBFA4AB04750F064125EF50AB281D7749E40CB91
            Function 01270185 Relevance: .3, Instructions: 276COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbabc282a7abb154aeae9ec39a596336ca6f810ff352abd0cb010d2fcca04b34
            • Instruction ID: bd3145027c5d1e36834bc952f7f1346a8857548dc7e703b02387337626dfa2e7
            • Opcode Fuzzy Hash: dbabc282a7abb154aeae9ec39a596336ca6f810ff352abd0cb010d2fcca04b34
            • Instruction Fuzzy Hash: 8EA1DF70A20616DFDB25DF69C8A1BABB7E4FF45318F004029EB0597281DB74E849CB54
            Function 01304500 Relevance: .3, Instructions: 275COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 71946796a6a7dca2b5c0c8faaaba26d91ecfeba9750542efdd4a55573f616030
            • Instruction ID: 84e264a489680ad04521fd10db7efffe8cc906cebaa4dcb7d0670f473b7947fd
            • Opcode Fuzzy Hash: 71946796a6a7dca2b5c0c8faaaba26d91ecfeba9750542efdd4a55573f616030
            • Instruction Fuzzy Hash: ABA1D172614612DFC726DF18C990B6ABBE9FF48718F05092CF6459B691D335EE00CB91
            Function 01302B57 Relevance: .3, Instructions: 266COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction ID: f2d1aa7346d262d51e369285a1357d7d5e6406d8c1773c58fd5ca5919594eaf4
            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction Fuzzy Hash: 47B12971E0061ADFDF2ACFA9C894AAEB7F5BF48314F148169E914A7790D730AD41CB90
            Function 012B60E0 Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6cb36b479a2df0c7e071d23582671b7122d6aed0fae493233f14d7e1444f9a51
            • Instruction ID: 345cff8f86da688b6cf43b2ca940350e32c87e39c1ecf19cfa24433a23c5b7a2
            • Opcode Fuzzy Hash: 6cb36b479a2df0c7e071d23582671b7122d6aed0fae493233f14d7e1444f9a51
            • Instruction Fuzzy Hash: ED91A171D21216AFDB15CFA8D8C4BFEBBB9AB48750F144169EB10AB341D774D9008BA0
            Function 0124E3F0 Relevance: .3, Instructions: 261COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2c3ddc0e751f627f578d399048aaef2cc74199e6171b92dc848d7b38078ec3e7
            • Instruction ID: 96a75f1b360623bdb3906f2a25fc5b08a665cf5816b02625100b71895264ec91
            • Opcode Fuzzy Hash: 2c3ddc0e751f627f578d399048aaef2cc74199e6171b92dc848d7b38078ec3e7
            • Instruction Fuzzy Hash: 88914771A20222CBFF28EB2DD441B7D7BA1FF94724F064069EE059B340E638D841CB91
            Function 01264750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
            • Instruction ID: d7253e5d6215d9b6496e79012a6623c33de3a1384ca4d8b816dfdaeec50dabc8
            • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
            • Instruction Fuzzy Hash: 0C814D21A342D6CFDB169E9CCCC127DBF69FF52300B58467AD6828B281C264DCC5C791
            Function 0127DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
            • Instruction ID: 372710b078c8aa2b190442ab8315df0bb17b8203cd530d5f38769f9040de12e6
            • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
            • Instruction Fuzzy Hash: F0913E72620A0A8FE725CF6DC886667BFE0FF55324B148A1CD6E6DB6A0D375E511CB00
            Function 012FF7B0 Relevance: .2, Instructions: 242COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1b7e9ef2438721ff40758b512bcda9b64a46677102f4f91bc6d614b33fa7d0dc
            • Instruction ID: 030f8b8afe6dc95b73cb86278640a147a9d810f626821e3a8fd7b5ad9336dc34
            • Opcode Fuzzy Hash: 1b7e9ef2438721ff40758b512bcda9b64a46677102f4f91bc6d614b33fa7d0dc
            • Instruction Fuzzy Hash: 6891A073A2021AABEB15CF28CA8076AFBE5AF44310F05857CEB55DB291D774E905CB90
            Function 012FF43F Relevance: .2, Instructions: 241COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e719e5813e82feded7167d9361d00c4fd4f3c6ed33fc67b668956bfca927e7a0
            • Instruction ID: 9185379dee1cd961c8f7cdfbfe87ded4073417420d4c3a01800c9651ead6c0e3
            • Opcode Fuzzy Hash: e719e5813e82feded7167d9361d00c4fd4f3c6ed33fc67b668956bfca927e7a0
            • Instruction Fuzzy Hash: 5E91E032A101158BDB19CF79C8906BEBBF1EF88310F19827DEA15DB386DA34DA05CB50
            Function 012F81CC Relevance: .2, Instructions: 232COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 63cac2fee246957d9acca322a5f0209a33df69e7e81084e813b319a617f0426b
            • Instruction ID: e72706304caa2c57942e9d36807aeb4747eb6e08ab2b1e4503402ee7ac17ea8d
            • Opcode Fuzzy Hash: 63cac2fee246957d9acca322a5f0209a33df69e7e81084e813b319a617f0426b
            • Instruction Fuzzy Hash: 20818376E2051A9BCB14CF6DC8805BEF7F5FF88224B18423EDA21E7290D774A951CB90
            Function 01240E59 Relevance: .2, Instructions: 231COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7c0c910784f865aa5c384fb1f1f805bb46047a972159bba8b2c9cb2976c5ac2
            • Instruction ID: 9efe6797d621b5f7c5ca139dab7946a90e2b3ef8ed21d6c8436df247a9541a9f
            • Opcode Fuzzy Hash: e7c0c910784f865aa5c384fb1f1f805bb46047a972159bba8b2c9cb2976c5ac2
            • Instruction Fuzzy Hash: 2B81B831B2051ADFDB29CF5DC8809AEBBB2FFC5210B258265EA149B345D770E991CB90
            Function 012EE4F6 Relevance: .2, Instructions: 224COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5d3a5fd2e3458a6b93001155575b1f24ba7c0790c47c83d15fa7106c9471d77c
            • Instruction ID: e799c52dd2f49c9b19a0905be154b950f7524addf3ee654747e957010d141091
            • Opcode Fuzzy Hash: 5d3a5fd2e3458a6b93001155575b1f24ba7c0790c47c83d15fa7106c9471d77c
            • Instruction Fuzzy Hash: 8281AF72A102169FCB28CF98C4956ADFBF1EF98310F5A816AD916EB385D7309D41CB90
            Function 012FAB40 Relevance: .2, Instructions: 222COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: f1a39afbfaecf74960a8f3ddf9f453755d12c8d6a788b7f97e0e6c14886e96d5
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: 13817131A2020A9FDF19CF98C491AAEFBB6BF94310F14857DDA1A9B385D774D901CB50
            Function 0126E284 Relevance: .2, Instructions: 212COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a530bbf8fd99ef0cdc7e7087d247e2f72f60bf52f6f2e634f805479565a7ecaa
            • Instruction ID: 17942d36317e213d4700767dc166c32758b83759b6e670eb35f132b3e4163bd5
            • Opcode Fuzzy Hash: a530bbf8fd99ef0cdc7e7087d247e2f72f60bf52f6f2e634f805479565a7ecaa
            • Instruction Fuzzy Hash: 4D81B275A1060AEFDB21CFA9C880BEEBBFAFF48344F114429E655A7290D730AC55CB50
            Function 0125B950 Relevance: .2, Instructions: 209COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4f4ded6277b1467f66dbb111d76b7fdf29a175ffb39578dd67c3b7d36357bb3
            • Instruction ID: 4a00de7a9897e16aacc00a636fdd87c57c8f0da2206431376846e09f85aac3e1
            • Opcode Fuzzy Hash: b4f4ded6277b1467f66dbb111d76b7fdf29a175ffb39578dd67c3b7d36357bb3
            • Instruction Fuzzy Hash: DC7107303342528EEBA4CE2DC9C173677E3AB84705F15855DEE968B1C5D775E802CB60
            Function 0124C640 Relevance: .2, Instructions: 206COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4720a84b6d5d6b6670c58ca0ecd1d2e2e394c64ca62cc338bec0b7a57f839b83
            • Instruction ID: 56ad14913bf87919c14fc971fc67e50bf42553be879756d4d08639bf3ee34dd2
            • Opcode Fuzzy Hash: 4720a84b6d5d6b6670c58ca0ecd1d2e2e394c64ca62cc338bec0b7a57f839b83
            • Instruction Fuzzy Hash: FB71C0B5D2526A9FCB29CF6CC4917BEBBB4FF59710F18411AE941AB350D7709810CBA0
            Function 012E47A0 Relevance: .2, Instructions: 202COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 942ba0f1e9796a4988bf5f16100e6e62818c1b4fb76e1b008cb6be0d8b1d30b0
            • Instruction ID: 5665386bb406c8185a3f99ea16c967957cc2bcc3ec2c920623ffda245b821327
            • Opcode Fuzzy Hash: 942ba0f1e9796a4988bf5f16100e6e62818c1b4fb76e1b008cb6be0d8b1d30b0
            • Instruction Fuzzy Hash: C47171B0A20289EFDB20FF59D959AAABBF8EF90310F50415EEA10E7358C7359940CB54
            Function 012EDAC6 Relevance: .2, Instructions: 202COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 498adad9a8d1c1aff44e8a45b7b5e338476458a19291cc483254e92082fb7543
            • Instruction ID: 0b733feb5b7cb9e14787ad63fcfcb893df7e48226a7725321b95aa6926063c29
            • Opcode Fuzzy Hash: 498adad9a8d1c1aff44e8a45b7b5e338476458a19291cc483254e92082fb7543
            • Instruction Fuzzy Hash: 3381BE70D1024A9FDB25CFAAC448ABABBF0FF49340F80845DE595AB286D3B5E841DF50
            Function 0124260B Relevance: .2, Instructions: 201COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a879d2eb5e22355dbc738cd8b287d0f13f26ed6363e9754440219d299681df1e
            • Instruction ID: 8691d18b1b728ca9ae512b3922ff8158e6c8da5ddb14572ddb04adc174599476
            • Opcode Fuzzy Hash: a879d2eb5e22355dbc738cd8b287d0f13f26ed6363e9754440219d299681df1e
            • Instruction Fuzzy Hash: F571CE31624642CFD31ADF2DD484B2AB7E5FF88310F0485AAF9988B352DB74D845CB91
            Function 012F70E9 Relevance: .2, Instructions: 201COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ff9c36fc771d4581436ef2c5109b94fcd1f4030beb263fa4eb5ffdd9fbfac5a
            • Instruction ID: 5e1133ca91cc4cf7f42f462bbb064b3db1ef0dac037c2ce32848def06e7a2a2c
            • Opcode Fuzzy Hash: 5ff9c36fc771d4581436ef2c5109b94fcd1f4030beb263fa4eb5ffdd9fbfac5a
            • Instruction Fuzzy Hash: 4261B475E2021B9BDB15AFA9C8819BFF77AEF54210F10443EEB12A7240DB74D9458B90
            Function 012EF0CC Relevance: .2, Instructions: 199COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 942f853db0e35910b57d69996bdba2a40264955cc63bad56f778fd666702ce4a
            • Instruction ID: 32f03b44332884a42cab1877cbd133a78a665b0f1be16e7db69b0f2cffaa3d91
            • Opcode Fuzzy Hash: 942f853db0e35910b57d69996bdba2a40264955cc63bad56f778fd666702ce4a
            • Instruction Fuzzy Hash: 1671B079A21727DFDB24CF5AC28427AB7F1FF45704BA5446EDA429B240D374E940CB50
            Function 012B035C Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: c116bc3dfb69903200da4d64ef6e05755897f841578dd517429e4cf808e637b8
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 66718D71E2061AEFCB15DFA9C984EEEBBB8FF48340F144569E505A7250DB34EA01CB94
            Function 012C62A0 Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c1e83fee876fa2ccaa85f6265975b517aa24dcdb83b2c2a2faeca0d865e7564
            • Instruction ID: c933b92666838660c3b2f8dedf7b5a5f3e58055cf365e3dbfccd194c5b78ee99
            • Opcode Fuzzy Hash: 9c1e83fee876fa2ccaa85f6265975b517aa24dcdb83b2c2a2faeca0d865e7564
            • Instruction Fuzzy Hash: AC71D032260A02EFE7369F18C845F66BBA6EF44B20F14462CE355872A1D775E944CB50
            Function 01238AA0 Relevance: .2, Instructions: 197COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fd08e68c8a3ea175ace8ed573afadee8dd9df6738ac086c92474579ee9d938a0
            • Instruction ID: 926a90acabd3bfa5f753bb76bedcb1f42deae9b728eda79f6934b17533709168
            • Opcode Fuzzy Hash: fd08e68c8a3ea175ace8ed573afadee8dd9df6738ac086c92474579ee9d938a0
            • Instruction Fuzzy Hash: 3981B1B1A24356DFDB28CF5CD584B6D7BB6BF88310F15426DEA00AB281E7749D40CB94
            Function 012F7A46 Relevance: .2, Instructions: 193COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d97dd493c77183d9af6c88f0a3ee0a0e09f3fde6eb1e7b64fb1de2d5e8304a61
            • Instruction ID: 971f74314b78ee99ab76cccbd9cb30aa4de34039f2d7832e25a53be9f09ca43d
            • Opcode Fuzzy Hash: d97dd493c77183d9af6c88f0a3ee0a0e09f3fde6eb1e7b64fb1de2d5e8304a61
            • Instruction Fuzzy Hash: 3C510975A2012A5BCB19DF69C880ABAFBE2EB98310F14417DEB55D7385EA74C902C790
            Function 01308324 Relevance: .2, Instructions: 192COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 28ec43005db6a17f6e5a1ddc947f689a3a238fba4bf178247ecad443bf471c8d
            • Instruction ID: ec8bd840af3a3e2a10ce3d0528404b76c7399b2f769c8c79baa29fcd0d36d50a
            • Opcode Fuzzy Hash: 28ec43005db6a17f6e5a1ddc947f689a3a238fba4bf178247ecad443bf471c8d
            • Instruction Fuzzy Hash: AC711971E1061AEFDB16DF94CC51FEEBBB8FB04354F104169E610A6290E774AA05CB90
            Function 012F132D Relevance: .2, Instructions: 188COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7c85128051cf18ff3e1c1ff565083b35738ef22df0df63100846aa2dcd4d5268
            • Instruction ID: 965a404afc198f89f58c5f2c2a94b75d4052cac3e7749aed7074d88f5c39d998
            • Opcode Fuzzy Hash: 7c85128051cf18ff3e1c1ff565083b35738ef22df0df63100846aa2dcd4d5268
            • Instruction Fuzzy Hash: 12815B75A10246DFCB09CF98C490AAEBBF1FF88310F1581ADD959AB345D734EA51CB90
            Function 012EA250 Relevance: .2, Instructions: 184COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d535a6f354983c0b2cbffdde088e70d68a18aeceb9a3556b787e1e227d5f22ac
            • Instruction ID: 090ea8dc9816caff6d8c9a267f0c46210131ab53f788c636d4607c7432da4466
            • Opcode Fuzzy Hash: d535a6f354983c0b2cbffdde088e70d68a18aeceb9a3556b787e1e227d5f22ac
            • Instruction Fuzzy Hash: C051D372524712AFD722DE68C848E6BBBE8EFC5750F414929FA44DB150D770ED04CBA2
            Function 012FCE93 Relevance: .2, Instructions: 172COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
            • Instruction ID: 41012323826753fcd047b7c6f732868fbaf06da56d68924ed61f7972602a25d1
            • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
            • Instruction Fuzzy Hash: DF51573262420B8BD705CE2D8850F7BFBD6AFD1250F09863EEB56C7242DA30D8198791
            Function 012D8350 Relevance: .2, Instructions: 161COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f432337158538b2c0c5af8f85a9bc27b96c3be22b6a64f89c0553cb8e209eea3
            • Instruction ID: 7816be6c84c3a99207cebccfac86c5ec54789c630acfc3161ab16f781835e2ee
            • Opcode Fuzzy Hash: f432337158538b2c0c5af8f85a9bc27b96c3be22b6a64f89c0553cb8e209eea3
            • Instruction Fuzzy Hash: C751C070910705DFD721DF5AC880AABFBF8FF54710F10461EE296976A1D7B0A545CB50
            Function 0126E443 Relevance: .2, Instructions: 158COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 664b0d4da8edffa2932006b7ba018d02a260b19f3f7d1523e91831b2f46bf339
            • Instruction ID: 60cdac2795ba3a6f395dff11b8fa4312c77a41c9b8262ab42b50dcbc72963862
            • Opcode Fuzzy Hash: 664b0d4da8edffa2932006b7ba018d02a260b19f3f7d1523e91831b2f46bf339
            • Instruction Fuzzy Hash: 7D515C75220A16DFCB26EFA9C980F6AB7FDFF14744F510429E641972A0E734E980CB50
            Function 012D4180 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e69f6c027eda712f7060d1500864b63e80c9ce79610513f7822790fee60737d8
            • Instruction ID: 60aca2ea59f328e5c5194fad55511efc67efe8507ae090f8ddbe84e1c57835e3
            • Opcode Fuzzy Hash: e69f6c027eda712f7060d1500864b63e80c9ce79610513f7822790fee60737d8
            • Instruction Fuzzy Hash: CA518B716283828FD794EF2DC881A6BB7E5BFC8208F54492DF689C7650DB30D905CB56
            Function 012545B1 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: e665a1f5a5b4560c554e39c278f25128ed38f202c43eb87128fca42979a8e695
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: CF517271E1025A9FDF59EF98C480BFEBBB5AF45754F044069EA01AB240E774ED84CBA0
            Function 012B3A6C Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 84836fd169bec0458acb5cee2798cb643cb5bfd0fcc04822857919280e30f2d0
            • Instruction ID: 7a94e0db98bf8af1ea0b58cb7351f8a1e039dbb20a8b225c1a7431e1b29f5a91
            • Opcode Fuzzy Hash: 84836fd169bec0458acb5cee2798cb643cb5bfd0fcc04822857919280e30f2d0
            • Instruction Fuzzy Hash: 1551BE36E5012E4BEF24CA58D4A1BEFB3F2FB45314F440819EA45BF3C4D276694AD650
            Function 012AD800 Relevance: .2, Instructions: 155COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 238ed5f40e1f928b057ea70347033d23b2186e0b03ba72d61e4ab7171fb37e54
            • Instruction ID: a976b8d5d5f056d2e5e897d5a2f69943b42b628b4f9270463f158fe7e5e83f43
            • Opcode Fuzzy Hash: 238ed5f40e1f928b057ea70347033d23b2186e0b03ba72d61e4ab7171fb37e54
            • Instruction Fuzzy Hash: A951F070A2021BEFDB14DFA8C480ABEBBB5FF45700B844169EA45DBA80E774D951CB91
            Function 012BE9E0 Relevance: .2, Instructions: 154COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: a1d09b5d57ed63d885e854f3bfbc31704d4f40888ca04e3bbb1a8806117e8206
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: 3551C971D2021AEFDF219F94C8D1BEEBB79BF00394F164655D61267191E7709D40C7A0
            Function 012F7571 Relevance: .2, Instructions: 153COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de1a01e02e962fadb1c168f14dcde46734b9648f0694d4ab457a8e3278784dfd
            • Instruction ID: f81686fbb5d78dabd0676b36b41693a5987e1d699a12e5a6d21c059be3a4f501
            • Opcode Fuzzy Hash: de1a01e02e962fadb1c168f14dcde46734b9648f0694d4ab457a8e3278784dfd
            • Instruction Fuzzy Hash: 4951BE31A2012A9FDB259F68D844A7EFBB9FF48340F14413DEB15A7290DB70AD11CB80
            Function 012F8B28 Relevance: .2, Instructions: 152COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 22fca5dc853e5708819b18781b56d411e1f0fdeab75dcc88faad33596baa2805
            • Instruction ID: 8e6aff9f48efed6327c99a9b0408331117c0f8900c43afe95413fc00a188b0a3
            • Opcode Fuzzy Hash: 22fca5dc853e5708819b18781b56d411e1f0fdeab75dcc88faad33596baa2805
            • Instruction Fuzzy Hash: 9E41C2707216169BD629DB2DC895B7BFB9AEF90620F04823DEB55CB280EB74D801C791
            Function 012BCBF0 Relevance: .1, Instructions: 148COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8656b0151eee079e31bdae272f037cbd89881843647a1dd08e4f549ae7a90844
            • Instruction ID: 12e87ff54547f14bcf2f4665abbadcfee7007557455fdb5a7fa12219ddb3e01a
            • Opcode Fuzzy Hash: 8656b0151eee079e31bdae272f037cbd89881843647a1dd08e4f549ae7a90844
            • Instruction Fuzzy Hash: E45190B5A20216DFCB30DFA9C9C09AEBBB9FF58394F114519EA45A7304D770AD11CB90
            Function 012B5BF0 Relevance: .1, Instructions: 145COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f22f4244c2dae700d13c5e837f776a2a099e9976ab8f565fe67ed05cda6a386d
            • Instruction ID: 77e7b36846213f436c00d3242a7bbec0564ff963a061f50ffe0a7fe22e3810c8
            • Opcode Fuzzy Hash: f22f4244c2dae700d13c5e837f776a2a099e9976ab8f565fe67ed05cda6a386d
            • Instruction Fuzzy Hash: 9F412B71B702579BCB2AFFB9A8C36FD76A19F54B54F00062EE902EB340DA7489014791
            Function 0126A430 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6f98728633faed07d80ef6f3bb57b243e6e0ca6c1e037e38d81b0ce85e13cb0b
            • Instruction ID: 96c74dcb3c3119885866a5192726241081dad245af321a7685f1bfd93b4d08a6
            • Opcode Fuzzy Hash: 6f98728633faed07d80ef6f3bb57b243e6e0ca6c1e037e38d81b0ce85e13cb0b
            • Instruction Fuzzy Hash: 41412971660326DFCB39FF68A881B3A376CEB59708F04102CEE06AB281D7B1D890C750
            Function 012FA9D3 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: ed766727a0325bf7a5ad1a5faabdc9183d2d3d5bf207a6f0cf11465887257fd5
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: 9641C6716247169FD729CF28C984A6AF7A9FF90210F05463DEB5687240EB31ED1CC790
            Function 012601F8 Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 917163cc40c82af41b459975e897508d9a835c418e35aace08aecf99eefb6c42
            • Instruction ID: f073997115ddc37ed49dbfaa6c89016bc0b53e57ce04cf70e8d63cfe208ad21b
            • Opcode Fuzzy Hash: 917163cc40c82af41b459975e897508d9a835c418e35aace08aecf99eefb6c42
            • Instruction Fuzzy Hash: E941BF36921216DBDB14DF98C440AEEBBB8FF88710F14816AF915F7280D7749C81DBA8
            Function 0125EBFC Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ade7e66ee8399c7a76313928f504d54099c58a0e4a42be2bd991b7fcaeb247ee
            • Instruction ID: 790d58d093dc4c45ee25b72dbe1e02b6f9323472dcb8cdd0dfd0072f48b5b144
            • Opcode Fuzzy Hash: ade7e66ee8399c7a76313928f504d54099c58a0e4a42be2bd991b7fcaeb247ee
            • Instruction Fuzzy Hash: 6341D6B1224302DFDB65DF28D984A2BBBE9FF88324F01482DEA57C7611DB71E9448B50
            Function 01272750 Relevance: .1, Instructions: 137COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: b3a9aa4ea50d0858fb22d48f19bf065921a0e621376468aa307a6f329ce320c9
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 82515B75A10216CFDB15CF9CC580AAEF7B2FF84710F6481A9DA15A7351D770AE42CB90
            Function 01236154 Relevance: .1, Instructions: 133COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b5d78da39702aff54d036b8dbf5cbc1b1b632d861413b399713fb9a7b630bd75
            • Instruction ID: 19904f21fd9950e18c78382ffaf79cb5175454d32de694026ad3b1e1903e66b4
            • Opcode Fuzzy Hash: b5d78da39702aff54d036b8dbf5cbc1b1b632d861413b399713fb9a7b630bd75
            • Instruction Fuzzy Hash: 9E5127B0920257EBDB39DB68CC05BB8BBB9FF51314F0442A9E625972C1D7749A81CF84
            Function 01230BCD Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8c8a68dc7debb20dac1750b99435c2facebc1ea36b1f0d7f06cb989775a5531d
            • Instruction ID: 0668930c8ed711189c1155102c3c797f4a1e6307a0bf658d0be12f1f9c314eff
            • Opcode Fuzzy Hash: 8c8a68dc7debb20dac1750b99435c2facebc1ea36b1f0d7f06cb989775a5531d
            • Instruction Fuzzy Hash: FF419571A21229DFDB21EF68C940BEE77B8EF45750F0104A5EA08AB241D7749E84CFA5
            Function 012F866E Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 0e8698689ba178d82689dd9a60ec18efe80b7cd08c37ae6c5fd37103a9317a07
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 35418176B20206AFDB19DB99CC85ABFFBBAAF88600F14407DEB04A7341D670DD418760
            Function 012FF0E0 Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e3bd1e55fe9ae8cc9ebcd074626960e0c06f18e812871e7b6c6a2b185a5f4ef
            • Instruction ID: f3e209236fe9ee571d31651132be62cab0aac1047c3d581c07398397cc86e8a8
            • Opcode Fuzzy Hash: 1e3bd1e55fe9ae8cc9ebcd074626960e0c06f18e812871e7b6c6a2b185a5f4ef
            • Instruction Fuzzy Hash: 4B41F3752143418BD719CF29D86487ABBE1FF84215F05466DF9958B382CB30D909CB61
            Function 01230887 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 056fd34cadc5138b67f0aba5f2ead4aca4e14f65f2ea59ef37cfb0e1e090bb47
            • Instruction ID: bb01f837a49ea56c6e2a2c6b69ae2d4be9b4581ab062d8f8bd8668910aead320
            • Opcode Fuzzy Hash: 056fd34cadc5138b67f0aba5f2ead4aca4e14f65f2ea59ef37cfb0e1e090bb47
            • Instruction Fuzzy Hash: 5541C4F0620702DFE325DF29D480A26B7F9FF88714B104A6DE65787A50E770E845CBA8
            Function 012DD5B0 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bcbf0be1d12fe1ba9159d43b5d89b4e6414b50e10e9e92c317080c55f76bf9bd
            • Instruction ID: d01a3a261fb566e39fa31235966382aa5ac8c490a7ff979391a382aa11ca815b
            • Opcode Fuzzy Hash: bcbf0be1d12fe1ba9159d43b5d89b4e6414b50e10e9e92c317080c55f76bf9bd
            • Instruction Fuzzy Hash: F8412630A286999FCB14CF6CD4816BAFFF1EF49300F058489D6C58B285C734A456DBE0
            Function 0125A470 Relevance: .1, Instructions: 127COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e23bfdcb15710f46b620122a370b88e2cd50cbd3cf296dd995607da1f4aaf442
            • Instruction ID: b9eea05be7bf7ec1d597d1de4252c59b7b741b908e5f7c8a3699b588b4d1e9d4
            • Opcode Fuzzy Hash: e23bfdcb15710f46b620122a370b88e2cd50cbd3cf296dd995607da1f4aaf442
            • Instruction Fuzzy Hash: 2D411F32924206DFDF25EF6CE496BAD7BB4FF48324F140259DA11AB281DB709900CBA0
            Function 01238BF0 Relevance: .1, Instructions: 124COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 13241f0655923ea8bef716bd2da84ce189d82a442520cb23ef7de84b7c34b0eb
            • Instruction ID: d5c4199f4677115235dbee3a108ad56f489053f5fecd69c82b3e1355274f4c6a
            • Opcode Fuzzy Hash: 13241f0655923ea8bef716bd2da84ce189d82a442520cb23ef7de84b7c34b0eb
            • Instruction Fuzzy Hash: C64118B1A20206EBDB38EF58C844A6ABBB5FFD4704F14822EE9015F655D775D842CF90
            Function 01228918 Relevance: .1, Instructions: 123COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3492db05e62a02caf691a401083dbd007ce82576a272008ea588f3bee790e0cb
            • Instruction ID: 2e8672f298df24ab3902e6e49e8060b76585b4642b39186626e79d1f553f270d
            • Opcode Fuzzy Hash: 3492db05e62a02caf691a401083dbd007ce82576a272008ea588f3bee790e0cb
            • Instruction Fuzzy Hash: 5B4171325283569ED311EF64C841A6FB7E8AF84B54F40092EFA80D7250E770DE048B93
            Function 0122A020 Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 33e9b10b3440738bc7e3bbaf6448e5bb9d8dbe939f51ea1fe6c1ee9afc2f9204
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 4A416E31A30223FBDB21EE1884407BEB771EB60751F15806EFB418BA80D63B9E40C790
            Function 012309AD Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cdd26cfb784e7576b0208610c46543f69977778f87f95ed6d5f07ab3d82dc35a
            • Instruction ID: eac1ca31eca62f2a275665d323f917b10328ecae2dba3095fe37079110c7d41a
            • Opcode Fuzzy Hash: cdd26cfb784e7576b0208610c46543f69977778f87f95ed6d5f07ab3d82dc35a
            • Instruction Fuzzy Hash: D6416CB1620702DFD725DF19D840B26BBF4FF94714F20856AE6498B251E770E9428BA4
            Function 01260710 Relevance: .1, Instructions: 121COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: 3926df890d7c9a49b16f3fe37bb8744421c0ed7e802021202845e0d1244c1af4
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: 57416F71A10705EFDB29CF98C980AAABBF8FF18700B10496DE656D7290D330EA84DF54
            Function 0123262C Relevance: .1, Instructions: 119COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 674ec2db1c4aa470cd31065e5949ef040e5c2e78f9a8177146c1f16d6542d2d1
            • Instruction ID: 925b793c43c4936fdeaa5b5ed43d430e0825e0f0ffe1454a5371dc262614a2e6
            • Opcode Fuzzy Hash: 674ec2db1c4aa470cd31065e5949ef040e5c2e78f9a8177146c1f16d6542d2d1
            • Instruction Fuzzy Hash: 0541CDF0921712DFCB26EF28C901A69B7B5FF84314F1082ADCA169B2A1EB709941CF51
            Function 0126C8F9 Relevance: .1, Instructions: 116COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f84a76cb1dad4d6a4e59caf6ec9e6acb933dc81b647f5be670bfc6f463e88035
            • Instruction ID: 2391ee3754e89d033f97db2b0fb6e0de70def0ba7d2be495d8d308a11f846cae
            • Opcode Fuzzy Hash: f84a76cb1dad4d6a4e59caf6ec9e6acb933dc81b647f5be670bfc6f463e88035
            • Instruction Fuzzy Hash: 2E318BB1A21346DFDB12DF98C4407A9BBF4FB09724F2081AED119EB291D3769942CF90
            Function 012FEEDB Relevance: .1, Instructions: 113COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6d9582283f9286fafbee54c9398edf77910f02cc8a504f0b7506e942a5f8f29
            • Instruction ID: 665eaeb2519faa93485c770ddeb164f60a93abcd724bfc2d5b6cb358986ebd7f
            • Opcode Fuzzy Hash: c6d9582283f9286fafbee54c9398edf77910f02cc8a504f0b7506e942a5f8f29
            • Instruction Fuzzy Hash: 7041B333A1402A8BCB28DF68D49157AF7F5FF48304B6742BDDA05AB295DB34AD05CB90
            Function 012FFA49 Relevance: .1, Instructions: 113COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9f6abaac975543302ff430e9ac78e0b73c4a69bb1447061d32b3a822d36d147e
            • Instruction ID: e3774c3cf6e4431d641cd6931925857dbed588b2ca63ded0455eb8340d443bff
            • Opcode Fuzzy Hash: 9f6abaac975543302ff430e9ac78e0b73c4a69bb1447061d32b3a822d36d147e
            • Instruction Fuzzy Hash: 0A31E5337201079BD718CF29C944AA6FB9AEF99350F08857CEB18CB285E6B4D949C794
            Function 012280A0 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 47c17528afbcec6a7d88d23a66624a166767170fc296574abcf03e3f743dfed1
            • Instruction ID: d9c747608dae897c4629a406fb78523eb7ed4e5b8aecccb7a8164bd894ca33bf
            • Opcode Fuzzy Hash: 47c17528afbcec6a7d88d23a66624a166767170fc296574abcf03e3f743dfed1
            • Instruction Fuzzy Hash: E041EF71A25626BFDB11DF18C880AACB7F1FF54760F248229D915A72C0DB74ED418B90
            Function 012B05A7 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2bbb143f9d8918c2c348afd5a86e324777980a8fc4c78ab9b2c1aba5f876ce26
            • Instruction ID: 34289415cd1424532b421450acfc8ea67b659a0b80521e6285e1184374f7aeeb
            • Opcode Fuzzy Hash: 2bbb143f9d8918c2c348afd5a86e324777980a8fc4c78ab9b2c1aba5f876ce26
            • Instruction Fuzzy Hash: 8041B2726147429FD321DF68D880ABBB7B5FFC8740F140619FA9497690E730E904C7AA
            Function 01234859 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 818ef0045143c6af486e756331af7ccf8a34972cd346e7e76e579f10008a3a41
            • Instruction ID: 2c4a1c930675a3f3cad6e527c61d85341bef6a3b490a59ea6a9240a40735fd24
            • Opcode Fuzzy Hash: 818ef0045143c6af486e756331af7ccf8a34972cd346e7e76e579f10008a3a41
            • Instruction Fuzzy Hash: 2A41B3B02203428FD725EF2CD884B3ABBE9EFC0364F1444ADEA458B291DB70D941CB91
            Function 01228B50 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 41407a519425869014a5e7082380bdc4f8241353b4db8e6fbdf25ade5857099e
            • Instruction ID: 5ee535a04cd3818c2e2dc1e4b58fbd3485e27339d50f0ade57b8e3eb8da1959f
            • Opcode Fuzzy Hash: 41407a519425869014a5e7082380bdc4f8241353b4db8e6fbdf25ade5857099e
            • Instruction Fuzzy Hash: 4041A371E21625EFCB19DF69C9809ADB7F1FF98320B10852ED566E72A0DB34E901CB40
            Function 012FFB76 Relevance: .1, Instructions: 109COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2d4e6851cb109685737b52a7ae9997d92a4a9040299873b7fe03e6f6ebc38505
            • Instruction ID: c0f4c48f1145cdae71e346f6737954994da1223a962bb25eaa656c2dec3d58d2
            • Opcode Fuzzy Hash: 2d4e6851cb109685737b52a7ae9997d92a4a9040299873b7fe03e6f6ebc38505
            • Instruction Fuzzy Hash: 5231907262011AABD714DF29DD45AABFBA5EF88350F058538FB098B245E674E901C790
            Function 012402E1 Relevance: .1, Instructions: 106COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 9853ea2de3d0e7041e4cd319ccd6228ecfa6e11129812b310c0bab852b3c3860
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: 86312831A24685AFDB26DB6CCC40BEBBFE8EF14350F048165F955D7352C2B49884CBA4
            Function 012DE3DB Relevance: .1, Instructions: 105COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a091c9e0464471ce61ca1bfc61b67239faef3a387e64f76db989a188a1226c64
            • Instruction ID: 74171273149f31ea1192861b2602ff6ea27976ebe452e6d3f0e7bffa4ca65974
            • Opcode Fuzzy Hash: a091c9e0464471ce61ca1bfc61b67239faef3a387e64f76db989a188a1226c64
            • Instruction Fuzzy Hash: 4C31B935760716ABD736AF55CC81F7F76A9EB58B50F010028FA04AF291DAB4DC00C7A0
            Function 012E4B4B Relevance: .1, Instructions: 104COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5708c07adf20fc6a902abbcc6adc137d79a8e9f3b787ace4280706f521bef8ae
            • Instruction ID: 2b9705dc34c2993abe8481c0cc09cf8f85966abae3f1f41a3009f667ffe1672b
            • Opcode Fuzzy Hash: 5708c07adf20fc6a902abbcc6adc137d79a8e9f3b787ace4280706f521bef8ae
            • Instruction Fuzzy Hash: CF3101726242518FC735EF19D885E26B7E9FF84360F49406EEA95CB211D730A850CB80
            Function 01234260 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e52fabe1bcbe7c15753580cc9f3add7d0fa48e76c7fca1ca7b706dafd43dbf0
            • Instruction ID: 4304ecbd87a38e7b4a4bc2f01c6b38e4db337cd17179c153078edcf1d76cc6cc
            • Opcode Fuzzy Hash: 1e52fabe1bcbe7c15753580cc9f3add7d0fa48e76c7fca1ca7b706dafd43dbf0
            • Instruction Fuzzy Hash: F541AE71620B46DFDB22DF28C881FA67BE9AF85314F1044ADFA998B250C774E800CB54
            Function 012E4BB0 Relevance: .1, Instructions: 101COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0a309d34646c59bf57ef48b4562987747c0f60ad502984d2f088f58f72f934e4
            • Instruction ID: f3fba90743f10f26f1336ac14141cc95642e61e9d696ede7519e1112eced229e
            • Opcode Fuzzy Hash: 0a309d34646c59bf57ef48b4562987747c0f60ad502984d2f088f58f72f934e4
            • Instruction Fuzzy Hash: E631CB716242428FD724EF29D885A2AB7E9FB84720F45496DFA59CB390E730EC10CB91
            Function 012AEB1D Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be4f13860571dfe38183d9ca1bbb22ac3cbea06c110120ef6b746b6cd1e81178
            • Instruction ID: ce3defeb62d9cdd51a5d38873b4d8c1214464cab154265e855d53c69e34eea29
            • Opcode Fuzzy Hash: be4f13860571dfe38183d9ca1bbb22ac3cbea06c110120ef6b746b6cd1e81178
            • Instruction Fuzzy Hash: 9B312531361683DBF326975CCD4CB657BD8BF00B80F5E04A0AB828B6D1EB28D842C231
            Function 012F61C3 Relevance: .1, Instructions: 97COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 691e5fa6b53c8e119b3b672052d16f5a9756a7b4eaac8ee689ccd9a42937a1fa
            • Instruction ID: 4eaf2037b431f204505c9762dfc1c9caeedf8cbf1b010f6e91f95ddf5d2be640
            • Opcode Fuzzy Hash: 691e5fa6b53c8e119b3b672052d16f5a9756a7b4eaac8ee689ccd9a42937a1fa
            • Instruction Fuzzy Hash: 5D31927AA10156EBDB15DFA8CC40FAEF7B5FB44B40F454169EA00AB244D770AD41CB94
            Function 012D483A Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbd8c64e807dac4dce7406dfdfc04aa63350723f962bdd5122e9a061f6c264d5
            • Instruction ID: b46ffb39f55700589a09c6779474a4d0c0143b2e0d7a5acc92412267e6b4f1eb
            • Opcode Fuzzy Hash: dbd8c64e807dac4dce7406dfdfc04aa63350723f962bdd5122e9a061f6c264d5
            • Instruction Fuzzy Hash: E9319676A5016DABCF21EF55DC84BDEBBF9AB98310F1000A5F908A7250CA30DE91CF90
            Function 0125EB20 Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8f0580535a435d0758421d545abe254e6787c5aba06827015afdcfdd8f131617
            • Instruction ID: 8bcb96b80a2d3298973b3765f81acbd6bd5569a6e507b6ff448b2204c35c9079
            • Opcode Fuzzy Hash: 8f0580535a435d0758421d545abe254e6787c5aba06827015afdcfdd8f131617
            • Instruction Fuzzy Hash: EB31B572E20219AFDB71DFA9C980AAEFBF9FF44750F014426E915D7250E2709F008BA0
            Function 012F6BD7 Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2ef8b56bc34c85e4b0e09cefc6c997265612286b69995face48decdb65dfebca
            • Instruction ID: b4b656e973a0e2613b2e8739b6652b7e0665525c12042fc4f04a43f2c92170b0
            • Opcode Fuzzy Hash: 2ef8b56bc34c85e4b0e09cefc6c997265612286b69995face48decdb65dfebca
            • Instruction Fuzzy Hash: F0318D71A102059BCB24DF29D8C5A5B7BF8FF88300F418469EA08DF249D270E955CBA4
            Function 012F60B8 Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd53d8a856d04562ea7e61be6c00b1385a1d06b364780d671f8494eb5d39d6f
            • Instruction ID: c281e23667575b67f021d62a202485cd3e8f2f28ea197d675b1ec2b3f4d91a0b
            • Opcode Fuzzy Hash: 8cd53d8a856d04562ea7e61be6c00b1385a1d06b364780d671f8494eb5d39d6f
            • Instruction Fuzzy Hash: 2B31C071B20616ABDB26AFA9C850B7BBBB9EB44354F14007DE605EB342DA70DC008B90
            Function 012307AF Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 66bffcb2313a627a6f3c05e89e71a868fb6e9d862e12890b67c533a4e61cdcf8
            • Instruction ID: e024d70b181a3ed4642d549a9f817b20156f7ab6a1f2bf18816e3712bb389ee6
            • Opcode Fuzzy Hash: 66bffcb2313a627a6f3c05e89e71a868fb6e9d862e12890b67c533a4e61cdcf8
            • Instruction Fuzzy Hash: 8531C5B2A25712DBC712EE688880A7FBBA5AFD4650F024529FD5597310DA30DC1187F9
            Function 01238550 Relevance: .1, Instructions: 94COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 649b5a1e28a0b9e9591c77d2688ec145180a71f9a836f77c8b36334c71f51316
            • Instruction ID: 35acbe5111028a947ed31c78757767cdfa550b480436c08094f5348c0da3ae80
            • Opcode Fuzzy Hash: 649b5a1e28a0b9e9591c77d2688ec145180a71f9a836f77c8b36334c71f51316
            • Instruction Fuzzy Hash: D3318BB1629302DFE721CF1DC840B2ABBE5AF98700F054A6DFA849B291D775E844CB91
            Function 0126A6C7 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: 8ff55b9c5a1ded527c2f24f67040c2faea869e3718126aae2ce10a60be1e0bbe
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: 6F314E72B10701AFD765CF69DD41B57BBFCAB08750F04052DA69AD3690E630E840CB60
            Function 012DEBD0 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 333fe60348eb6b3d00cfb7e4f2d2d4c9c565e2bc66eb52bd736b806ad5a227bc
            • Instruction ID: 3d367cf86d4247467878dda6fb480b9495440b967761c263df8e3becc3d7a8f0
            • Opcode Fuzzy Hash: 333fe60348eb6b3d00cfb7e4f2d2d4c9c565e2bc66eb52bd736b806ad5a227bc
            • Instruction Fuzzy Hash: BA31CAB1515312CFCB25EF1AC54092ABBF1FF89218F0649AEF9889B311D331E944CB92
            Function 0125438F Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8e3b72933b65dff87e2399e9046dce26bb345dadff7f34ad38233ac263b129ce
            • Instruction ID: 06b81c7b048d356c46e7488f23fb7d57cdb6af2258ca2f80648015d9df07a2d7
            • Opcode Fuzzy Hash: 8e3b72933b65dff87e2399e9046dce26bb345dadff7f34ad38233ac263b129ce
            • Instruction Fuzzy Hash: 9D31D571B602869FD764FFA8C8C1A6BBBF9EF90704F004429D945D3254E770E981CB90
            Function 0122CB7E Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: 2116ff4811163375606ca41d6a55f080fd372eda1a45cb2c413121eba23a8bf8
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: 21210936E6126BAAD710EBB98841BBFBBB5AF14740F058036DE15E7340E670D90087A0
            Function 0122C156 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1f20bdc9d52a1136e5d31a238f6fd1ff89de6b8ed07b2eb721708dd1d22e7b6a
            • Instruction ID: 59e36a18bde3a446dd874d488bbfda786d45fa2a433f25b9c9e029e25b19d283
            • Opcode Fuzzy Hash: 1f20bdc9d52a1136e5d31a238f6fd1ff89de6b8ed07b2eb721708dd1d22e7b6a
            • Instruction Fuzzy Hash: 4C319DB15112158BD739BF5CDC41B7977B4EF40314F448169EE499B3C2DA34D885CB90
            Function 012EC3CD Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: 592c93a889d8dd6c73c61818404c4acad668b3addf437ff2d434ca7cc88dd846
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: 0621303E610656B7CB15ABE58C14ABBBBF4EF50710F80801AFE9587691E634D960C360
            Function 0122E420 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af33c5b5bcfc0b70d6c62f9c6cf3f72863faffbb79a67088c3fe9b79a27bc543
            • Instruction ID: e401ac5e6f1830310243885fba609ecb67d851fc49932d56fa84f4701f0897d7
            • Opcode Fuzzy Hash: af33c5b5bcfc0b70d6c62f9c6cf3f72863faffbb79a67088c3fe9b79a27bc543
            • Instruction Fuzzy Hash: 7631D631A2153DABDB35DF18DC41FEE77B9EB15740F0200A5E645A7290D6B49E80DFA0
            Function 01264588 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: a784b86508cacfff0db5dce4dfce74f7f34851999d214727c4b6a9cec8a10bb7
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: D121A331A10649EFCB15DF58C980A9EBBB9FF48314F108065EF559F281D670EE85CB90
            Function 012644B0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 61c227df2cf31a7e3c278676ca4efe48042b046d895f73d15eefa340f6ebcbe6
            • Instruction ID: 9956f08c9d918d4cc65a930c715acfe9e828d58ebe1f5cae90adece162c87b35
            • Opcode Fuzzy Hash: 61c227df2cf31a7e3c278676ca4efe48042b046d895f73d15eefa340f6ebcbe6
            • Instruction Fuzzy Hash: 5A21D5726247969BC721EF18D881F6B77E8FF98760F004519FE949B681D730E940CBA2
            Function 0122E388 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: fb973cbc75e313f9c1cc536e0968164b7c284810c76a03271c401e6294007077
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: AB31CB31620615EFE725DF68C984F6AB7F9FF45314F1144A8E6528B290E770EE01CB50
            Function 013003E6 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d30a9ba13f17f5851113202f4ef70fefb698daef2a11b6cf72c55378d5b011b6
            • Instruction ID: 221920c821b15a658e9878ca5fef9cb51e5cffee2d2b978560516708c46ce66a
            • Opcode Fuzzy Hash: d30a9ba13f17f5851113202f4ef70fefb698daef2a11b6cf72c55378d5b011b6
            • Instruction Fuzzy Hash: 80316171A00119AFCB19DFA9D8A4B9FBBF9FB88358F014129F905E3240DB306D04CBA4
            Function 012AE609 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3bb7cc97ba38fcd6bc34466849fd151459d423e48ca5bfcce102f892c0768b98
            • Instruction ID: 544a1a57453f38ccbd62b99e56b1f624803229407854e89322bce916522d38a1
            • Opcode Fuzzy Hash: 3bb7cc97ba38fcd6bc34466849fd151459d423e48ca5bfcce102f892c0768b98
            • Instruction Fuzzy Hash: 1331D175620206DFCB14DF1CC8849AEB7B6FF84704B564859E9099B391E770EA41CF90
            Function 01300591 Relevance: .1, Instructions: 84COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 976de1c52793c69a5ecfc0cf9114c25801fc1f52a4f2f3e13e958dbcf9a0d7dc
            • Instruction ID: 4fd40b34df9ad387d1b9a8bd88ee02d8761b4c7c5d69c38394abf58fedd56737
            • Opcode Fuzzy Hash: 976de1c52793c69a5ecfc0cf9114c25801fc1f52a4f2f3e13e958dbcf9a0d7dc
            • Instruction Fuzzy Hash: 9921CE326142098FD72ECE2DCCA07A6B7E6EBC4358F654438EA55CB285D731F855C750
            Function 012B06F1 Relevance: .1, Instructions: 79COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4a45917f9f2d67f329ba7eea013b1636a8a9a1cdbdd4b032ab9475202b0311a
            • Instruction ID: 4b6b2b5113130a5a5618a1823b5c905be25b54beba61db93c3ec6e82f2fede2f
            • Opcode Fuzzy Hash: a4a45917f9f2d67f329ba7eea013b1636a8a9a1cdbdd4b032ab9475202b0311a
            • Instruction Fuzzy Hash: E8219E7191012A9BCB25DF59C881ABFB7F8FF48740F500069F541A7240D738AD42DBA5
            Function 012B019F Relevance: .1, Instructions: 78COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dd30aa5574c150951a619afa306bd449d0b3b97ee05ac4cbb845a99249bfbe46
            • Instruction ID: 691573dfb93dc08b5d5462e77320029df8915244defd4830cbbcdfde6f803e42
            • Opcode Fuzzy Hash: dd30aa5574c150951a619afa306bd449d0b3b97ee05ac4cbb845a99249bfbe46
            • Instruction Fuzzy Hash: 6B218B71620655EBD716DB68C880B6AB7B8FF48780F140069FA44DB7A1D634ED40CB68
            Function 012B0283 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c080bae682f9d847db680d2020cfe23bb496ba4d7ce0e2f1e6bccd45b2cc089a
            • Instruction ID: b186f823a65be403d03c37a3368b8ae94c410321c37ee8d9be6803d9b3a0c9db
            • Opcode Fuzzy Hash: c080bae682f9d847db680d2020cfe23bb496ba4d7ce0e2f1e6bccd45b2cc089a
            • Instruction Fuzzy Hash: 1721B3729253469BD712EF69C888BABBBECBF90380F084456BE90C7251D734D948C7A5
            Function 01252835 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c39f2ceeaef32fdb64de832a2253667723e3fc225176cbc3cfcc8dfbf17829c3
            • Instruction ID: fd81cb4db78d0735b507caa68511a3d3191efd6100139e3cef63556ecfee1280
            • Opcode Fuzzy Hash: c39f2ceeaef32fdb64de832a2253667723e3fc225176cbc3cfcc8dfbf17829c3
            • Instruction Fuzzy Hash: 4F21D731735682DBE726976C8C48B253B95BF41764F290364FF609B6E2D778C8018260
            Function 013001AA Relevance: .1, Instructions: 71COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bde83928d1194338b70748d328279b6d1a97c41da9b31c805706d2c1fd2c560d
            • Instruction ID: b5cab852e50236efb3011cc77f0657cf80f754440a04e1475d80e36fb4faae09
            • Opcode Fuzzy Hash: bde83928d1194338b70748d328279b6d1a97c41da9b31c805706d2c1fd2c560d
            • Instruction Fuzzy Hash: B521E4652042504FD71ACF1A88B44B6BFE5EFC6129F0A82E6E884CB743C5349A0AC7A0
            Function 0126A30B Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5054d5a25d7b44641208c39a5909b17589c3876d30c009c42ae85079bf1de623
            • Instruction ID: c7b263d8a9872933e904083eb819c702cac933e6cc2f1e5edfe97030e79e01bb
            • Opcode Fuzzy Hash: 5054d5a25d7b44641208c39a5909b17589c3876d30c009c42ae85079bf1de623
            • Instruction Fuzzy Hash: 4C21AC75221A11DFC729EF29C801B56B7F5BF18B04F148468E649CB761E371E842CB94
            Function 012EA49A Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 902c68aad1a09741ee61e8650c7c296f3420aa65420a8272472ff6a80f356b0e
            • Instruction ID: 1543565b987c2dcdfc5480f195ad275c1c2909c9a2c8978b503884c0d33e8d76
            • Opcode Fuzzy Hash: 902c68aad1a09741ee61e8650c7c296f3420aa65420a8272472ff6a80f356b0e
            • Instruction Fuzzy Hash: A01129727A0B11BFE7225659BC09F777AD9DBD4B60F910428B708CB284EBB0DC058795
            Function 012B0946 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2d4631432abdf1d6a7e8ff9644a37309c10d96f2502b4952c975b6fcdbd99ebb
            • Instruction ID: 32226b7ac6ff61c5625864f315f24c1194a75fd697072119eee2f3f11df1e56b
            • Opcode Fuzzy Hash: 2d4631432abdf1d6a7e8ff9644a37309c10d96f2502b4952c975b6fcdbd99ebb
            • Instruction Fuzzy Hash: 2121E4B1E10219ABDB20DFAAD9819EEFBF8FF98B10F10012EE505A7254D6749941CF64
            Function 012C80A8 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: 58fee684780698f73325ae680317433619720274013db39f65c898fdedcef560
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 92218C72A1020AEFDF129F98CC40BAEBBF9EF98710F208419FA44A7251D7B4D9508B50
            Function 012FEE26 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3ac7b838afca23d579dd83a031992bba14aac0168926fd91a1c5f5b455c74738
            • Instruction ID: 63f9d4866afca68f8163445e589d2e337b3184bb3b90f1a4bccc22006ac0dd11
            • Opcode Fuzzy Hash: 3ac7b838afca23d579dd83a031992bba14aac0168926fd91a1c5f5b455c74738
            • Instruction Fuzzy Hash: F221A5336104119BD729CF3CD80546AF7E6EFDC32475A427ED612DB268D670BD118A84
            Function 01260124 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 285e772435931032d59cb145ffb1315f27b603452a6176d5a9693b9f7d3f4e9c
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: 2911D072610606EFD7229A44C841FAABBBCEB80754F100069F6008B180D675ED84EB54
            Function 01238770 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 156fe3acbca4eeafd094181661bf63d6eaaae862ef68ad55140111ecf12cd727
            • Instruction ID: 4a409aba0424688a3f1a21470eaf768c9499e28227ae9392424229abe86dfc0f
            • Opcode Fuzzy Hash: 156fe3acbca4eeafd094181661bf63d6eaaae862ef68ad55140111ecf12cd727
            • Instruction Fuzzy Hash: 6411B6B6720616DBDB16CF5DC480966BBE6AFC6B50B14416DFF08DF304D6B1E9018790
            Function 012380E9 Relevance: .1, Instructions: 66COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c57e93618123cb7cbd1afcf85c032a57aea936721a8b5dc399813c417f2c0d5d
            • Instruction ID: 576487600ba218dba73d3a740a9b5385198c6d65451e661166680248989e0b87
            • Opcode Fuzzy Hash: c57e93618123cb7cbd1afcf85c032a57aea936721a8b5dc399813c417f2c0d5d
            • Instruction Fuzzy Hash: 2A216F75A10206DFCB14CF98C581A6EBBF5FB88314F24426DE645AB311C771AD06CBD0
            Function 0126674D Relevance: .1, Instructions: 65COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 68fb3b52ff896d4e5d491be6492f8afff30dc38b4bd7928e64423991462d40da
            • Instruction ID: 94aa43bc977e67f8b7d14ddb621dd0789dc310315665217f6ff69dea42b482f4
            • Opcode Fuzzy Hash: 68fb3b52ff896d4e5d491be6492f8afff30dc38b4bd7928e64423991462d40da
            • Instruction Fuzzy Hash: 63218C75620A01EFD7359F68C881B66B7E8FF44350F44882DE59AC7290DA75AC80CBA0
            Function 012C6870 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1d98815fbcc87241e7c64f88c4a014dc7260aa2570e0d89c8f97dba0fb06ac70
            • Instruction ID: 53a02642da954ff04a99329dc627d310f24ad77de9d3398e084630bddca36554
            • Opcode Fuzzy Hash: 1d98815fbcc87241e7c64f88c4a014dc7260aa2570e0d89c8f97dba0fb06ac70
            • Instruction Fuzzy Hash: 01119132260515EBC722DB99C940FEA77A8EF99B60F114129F7059B361DA70E905C7E0
            Function 0125E8C0 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d906b8845158b6e804ed1e226a787fdbf32b01cfed82199e2d338d098254840a
            • Instruction ID: e5b4a473787f4ca2f4c06b306bdec051014751fd062d3069cd05efcbd39f97f5
            • Opcode Fuzzy Hash: d906b8845158b6e804ed1e226a787fdbf32b01cfed82199e2d338d098254840a
            • Instruction Fuzzy Hash: 45114C763201219BCF1DDB2DCD81A7BB666DFD5374B254539DD22CB281E9308801C390
            Function 012666B0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 00d1f6baf0ed3a31f389e44d82c22e17b281745b851fdf77f1281bb85bf1b654
            • Instruction ID: b9056bdf3322b4851fae9410751596681e6f1c927e998079db0b425f7eef6716
            • Opcode Fuzzy Hash: 00d1f6baf0ed3a31f389e44d82c22e17b281745b851fdf77f1281bb85bf1b654
            • Instruction Fuzzy Hash: 4111EFB2A20242DFCB2ADF59D480A1ABBECEF94200F054079EA059B350E638DD40CB90
            Function 012FA8E4 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: e188536f418a3bd6780c4285492557c195fca658521927f0fb863099e6e5d877
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: F1110436A1091AEFDB19CB58CC05BADFBF5FF84210F058279E94597340E671AD41CB80
            Function 012BE7E1 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 82a19c062daadaad4249d80acb0ccad28cf46c846f04d4dfc19d4d044ee5b05a
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 2F11E371620A02EFEB219F49C880BE67BE6EF45794F068428EA089B171D770DC40CB90
            Function 012527ED Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 13b276ce3fb9dd49f2801ea63e49d062f65c32915f1028e35aa46e095c0ec9e8
            • Instruction ID: a71fb5d25cda720034af5baf5f76ac92b187a5a5193bb6f8572fcf4462f6921b
            • Opcode Fuzzy Hash: 13b276ce3fb9dd49f2801ea63e49d062f65c32915f1028e35aa46e095c0ec9e8
            • Instruction Fuzzy Hash: 9501D671635686EBE716A6AED889F776B9CFF80394F190065FE008B691D964DC00C2B1
            Function 01234690 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12185461c02a07ad44a46f23369128bdc46c07564132afe0076ea21e1e49727d
            • Instruction ID: d81223299ae1c7a1453871b4fde37ac9e07363ab641c92ecf1cd8e1403ad0eea
            • Opcode Fuzzy Hash: 12185461c02a07ad44a46f23369128bdc46c07564132afe0076ea21e1e49727d
            • Instruction Fuzzy Hash: 4D11C2B6260686AFDB3AEF59D840F567BA9EBC5764F004159FA448B651C370E840CF60
            Function 01304B00 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 592c3aff31856a5b8b138434be23eb2cfdf5406f9558e71b2b5a9cc58245e198
            • Instruction ID: 56ccaf6db50a1b586462d79ed5934da60733d6a7f4b0c6970494683b7b616f34
            • Opcode Fuzzy Hash: 592c3aff31856a5b8b138434be23eb2cfdf5406f9558e71b2b5a9cc58245e198
            • Instruction Fuzzy Hash: 5F11C636200A159FD723DA69D850F67B7E5FFC4715F154419EBC2876D0DA30E902C790
            Function 01266620 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0e9940da340f0ac72aa920f3eb420ce230e3cebb9da2a32205dd3b98ee616bb2
            • Instruction ID: a64a6f14739734ccffe7a9f3a8c404d8af7817652accb10d4b614636ddf0d031
            • Opcode Fuzzy Hash: 0e9940da340f0ac72aa920f3eb420ce230e3cebb9da2a32205dd3b98ee616bb2
            • Instruction Fuzzy Hash: 4E11C272A10616AFDB21EF59E980B6EFBBCEF84750F500059EA05A7240D734AD818B90
            Function 0125EA2E Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 168c00eadda6860cb9e85ea75e32a14cb8d78be144bef34ce1612ee580286a6e
            • Instruction ID: 471b443e970a07af753e2776d860b3dd806f201187de3bae8e8b6351d80cc07d
            • Opcode Fuzzy Hash: 168c00eadda6860cb9e85ea75e32a14cb8d78be144bef34ce1612ee580286a6e
            • Instruction Fuzzy Hash: 2C01F17152011A9FC725EF28D484F66FBF9FB81328F22816EE5048B261D770EE46CB90
            Function 0125E53E Relevance: .1, Instructions: 55COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: b7ccca5ad0338bc7b98a2c1f05eb28f01696833ca21c4ce1d22e766fb221319a
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: 3911E5722356C3DBEB63972CDA84B257F94BB01758F1A00A0DF41CB642F378C942C250
            Function 012BE75D Relevance: .1, Instructions: 54COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 83847294259f9fc6ca8146595dd3523f7ee411b0752b97813bcc2b8cbe99a199
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 0101F972620106AFF7295F58CC81FEA7BA9EF817D0F068424EB059B2A0D775DD40EB90
            Function 0122A250 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: 9d021e97131da2645d207c92b01737f4d72596b8bdfb80c3efadd1742c522077
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: AC01D671525B32ABCB318F19DC40A3A7BA5FF567607018A2DFE958BE81D731D400CB60
            Function 01304940 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7774f86f4f055ee6ba31c101741a31868b9442a8989ae54a018236720eef0b22
            • Instruction ID: b1e8d56809604b7825fef1119cb63b4c2b231a0e33fbaa9a173d0a40bff1fe31
            • Opcode Fuzzy Hash: 7774f86f4f055ee6ba31c101741a31868b9442a8989ae54a018236720eef0b22
            • Instruction Fuzzy Hash: F9012672451511AFC333DF1CD810E22B7E8EB81378B164235EA689B1D2D730D901C7C0
            Function 012AE1D0 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa12e0b3c1ec67becec50f8bc947bf61cbe9790b7880d380f8e318d5c63b9908
            • Instruction ID: 4728ab02bc46aa721fd1542c3b76f24039b5870fff6c4058c854ab723fed605f
            • Opcode Fuzzy Hash: fa12e0b3c1ec67becec50f8bc947bf61cbe9790b7880d380f8e318d5c63b9908
            • Instruction Fuzzy Hash: FD11AD72261241EFDB16EF19CD81F26BBB8FF98B54F200065EE059B6A1C235ED01CA90
            Function 01236259 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cad67a69389031379df16ea4090c92e3e85039bb3d6f1373200e07141229b9b0
            • Instruction ID: cdc9cfc33068680974300da371d71d17b7c219c6cf931f25d81f6c8b274219d4
            • Opcode Fuzzy Hash: cad67a69389031379df16ea4090c92e3e85039bb3d6f1373200e07141229b9b0
            • Instruction Fuzzy Hash: D1115A71551229ABEB35EB64CC42FF9B278FF54710F504194E318A61E0EB709E91CF88
            Function 012B6050 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efc7e6be7e81ff481454aab56711e780dc05bc892d4011d51e1691bde1b4ad9b
            • Instruction ID: ad6b661a8d86a61ab74b8806b1489db2fdcf57027190f884141213ee1bd2dfcf
            • Opcode Fuzzy Hash: efc7e6be7e81ff481454aab56711e780dc05bc892d4011d51e1691bde1b4ad9b
            • Instruction Fuzzy Hash: 6D111772900019ABCB25DB95CC84DEFBB7CEF48354F044166E906A7211EA34AA55CBA0
            Function 0123208A Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: 5755aa5998c70f2f4621d7b988f04fcc226acd5c05ca3e428c928473dd229c80
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: DE014C72221112CBDF15AE1DD880B66B767FFE4700F1540A5EE018F286EAB1CC85C390
            Function 012C6500 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f37ec0866eb00d167c3bc1a58de364579571494b79e93f55e129ef3714f64d6c
            • Instruction ID: 5434cd977b42c261943ad797388c27b632c216a8cdf3226d335f6ce68e341bfc
            • Opcode Fuzzy Hash: f37ec0866eb00d167c3bc1a58de364579571494b79e93f55e129ef3714f64d6c
            • Instruction Fuzzy Hash: 0911C8326541469FD711CF58D800BA5B7B9FF6A754F18825DEA44CB315D732EC41CBA0
            Function 012BC810 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 959d88c03b1844ada5d4325a53e376c1b7de098563a95b3213d56dad250fb202
            • Instruction ID: 7923e1d5ded1b6b7fca7b08c6885271b42dea05e29b8ec41f8e6c28609dbc2fd
            • Opcode Fuzzy Hash: 959d88c03b1844ada5d4325a53e376c1b7de098563a95b3213d56dad250fb202
            • Instruction Fuzzy Hash: C111E8B1A1025ADBCB04DFA9D581AAEBBF8FF58350F10406AE905E7351D674EA018BA4
            Function 012DEA60 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d82bdf6bb497d7135bf08528f62ba17ec99c73d181576fe008357288c7caf32a
            • Instruction ID: ceb1beffbd0b0be590f24325394ed9e0f8e5ead7e2a219d051b8ed319a315c8b
            • Opcode Fuzzy Hash: d82bdf6bb497d7135bf08528f62ba17ec99c73d181576fe008357288c7caf32a
            • Instruction Fuzzy Hash: 0701B175160223DBCB3AAB1AD44093ABBA9FF51650B46442EF6555F211CB319C41CBD2
            Function 0122C020 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: 9f705c662afd3c5197b14645a71f02b0d842f7d14390cb4690fedcdd0ad051a0
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 2E016D3212070AAFEB22E669D400F7B77E9FFC1240F00441AE6468B580DE78E505C760
            Function 012720F0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 41700ffb60892020630b0cde446818c791b893523e2c876bc570db1fe80511de
            • Instruction ID: 72fe2720639b97f82b569edebb6a073c4e90104707ff29e95c4bb1ed1e55fa3a
            • Opcode Fuzzy Hash: 41700ffb60892020630b0cde446818c791b893523e2c876bc570db1fe80511de
            • Instruction Fuzzy Hash: 4B116D35A1024DEBDF15EF64D851FAF7BB5FF44340F004059EA019B251D635AE11CB90
            Function 0126E5CF Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b1a434788e587ec7b924e3d4ed03956b0c467ddb42bd23648a764665aa3dc01
            • Instruction ID: d73e24a2b0a3565aba6b2fd20655324065de85bc518d5db58c94cf7ada3e1ac3
            • Opcode Fuzzy Hash: 9b1a434788e587ec7b924e3d4ed03956b0c467ddb42bd23648a764665aa3dc01
            • Instruction Fuzzy Hash: 7C01F7B1221522FFC719BB3ADD80E23BBACFF546547000525F60583650DB64EC41C6E0
            Function 012C69C0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7a153248f339046d3dba9111cfa674a81648cf129cb71a815e2ddaca350e514f
            • Instruction ID: 172df19828cb1af8c7f5d39d374b6b1a3a017bde32e39d9e6e62ef5df5525ab0
            • Opcode Fuzzy Hash: 7a153248f339046d3dba9111cfa674a81648cf129cb71a815e2ddaca350e514f
            • Instruction Fuzzy Hash: 5C01FC32234212DBD324EF6DC849977FBA8FF54A60F21422DEA5987280E7309901C7D1
            Function 012BC460 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b5ee0ad9fea985457b9874c43290db89ec6f4ef8c59f9e3a62a3e80f4acc2c8e
            • Instruction ID: 9bf4c452ebd1ab4cada907f3d203350d4034d912ef672c591e31469c77da4955
            • Opcode Fuzzy Hash: b5ee0ad9fea985457b9874c43290db89ec6f4ef8c59f9e3a62a3e80f4acc2c8e
            • Instruction Fuzzy Hash: 1C115B75A10249EBDB15EF68C880EEEBBB5FB48340F004059F90197340DA38EE21CB90
            Function 012BC97C Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 685ca1d5ae8922818a00cc0ee7fc0d0aff43e833256e006cc1075ba2159d24b1
            • Instruction ID: 3fac1564c083d255703be985660abfb0199364e8c4921550642df653eeb0dde6
            • Opcode Fuzzy Hash: 685ca1d5ae8922818a00cc0ee7fc0d0aff43e833256e006cc1075ba2159d24b1
            • Instruction Fuzzy Hash: 371179B16283099FC700DF69C4429ABBBE8FF98350F00451EFA98D7390E630E900CB92
            Function 012BCA11 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 217cdbc8b9e0b9cca24325d5c36bf01203b032ef4ddfa83fd60ef2547dc41804
            • Instruction ID: a4a395ccdb8394d12555261f730eed6b657e16857add266b7b928b0b3b4ae8d2
            • Opcode Fuzzy Hash: 217cdbc8b9e0b9cca24325d5c36bf01203b032ef4ddfa83fd60ef2547dc41804
            • Instruction Fuzzy Hash: E7117C716143059FC710DF69C44195BBBE4FF99350F00451EF958D7350E630E900CB92
            Function 0124E016 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction ID: f038f33530575fe66bc51d4be68fb5fbd62a14a0e84f0736e9c4bd980b3afc37
            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction Fuzzy Hash: E901BC322215819FE72A971DC948F367BE8FF84744F0A00A1FA15DB692C66CDC80C221
            Function 0122826B Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1acc48666eda8011c2e19385f07ce670f8e8adda7a954510fb5ea735c4c34f6
            • Instruction ID: 2a3144e08e45c948e9fd20147fd5feed3706926f1be969e03584d525c6ddb017
            • Opcode Fuzzy Hash: c1acc48666eda8011c2e19385f07ce670f8e8adda7a954510fb5ea735c4c34f6
            • Instruction Fuzzy Hash: 3C01DF31631555EBD724EB69E850ABEB7E8EF81250B154229DB02A7684EE30DD01C690
            Function 012DEB50 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 913f794f821a29e9ae276e54d8e21a467e67a55802bcd94485b502a99688f468
            • Instruction ID: 9f9e5d63684676e80e438ea06cd367533a3ecceaacf2525f6a3bd54c0f98b917
            • Opcode Fuzzy Hash: 913f794f821a29e9ae276e54d8e21a467e67a55802bcd94485b502a99688f468
            • Instruction Fuzzy Hash: F201F7712507119FD3356F19D801F12BAA8EF55B50F01042DF7059F390D6B1A8418B54
            Function 01232582 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cce2f0f8172220e5fa9753af126d7b96277df9fb9e1a9ce5c88675aa12d9f8ec
            • Instruction ID: 7216348f6a211d4a3ebf9f48426cf6c78875e5ad1de21dc7d43105da69122904
            • Opcode Fuzzy Hash: cce2f0f8172220e5fa9753af126d7b96277df9fb9e1a9ce5c88675aa12d9f8ec
            • Instruction Fuzzy Hash: 64F0F472761A21B7C735DB5A9D40F17BAA9EBC4A90F04402AE70597640DA30EE01CBA0
            Function 0125C073 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction ID: 995ddaba171f3682998a84d2733a67c39ff8d76552875e4b515a7252835dc465
            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction Fuzzy Hash: 6BF0C2B2600A11ABD334CF4DDC40E67FBEEDBD1A90F048128AA45C7220EA31DD04CB90
            Function 0122C310 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction ID: 7285ba44fec459e83fbec06e90346fe0a929d708a6589e3917c9584e3d2b27d0
            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction Fuzzy Hash: AFF0FC33265633BBD7325B594840B7FA5958FD5AA4F190436E3099B240CAB48D1257D0
            Function 0130634F Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8780c319bc93d50fe4d3098d0d7fb684fc4bdb0eae8c14328eed2894d8a25c7f
            • Instruction ID: 3b6cc1b3f1c3af4db111014db56072305d38f6cb5b09d54c71d5b2f326999e90
            • Opcode Fuzzy Hash: 8780c319bc93d50fe4d3098d0d7fb684fc4bdb0eae8c14328eed2894d8a25c7f
            • Instruction Fuzzy Hash: E8014471A1024DEFDB04DFA9D9519AEB7F8FF58304F10405AF904E7390D6749A019BA5
            Function 0130625D Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8bd1c5963617a46434d095d73fba205fb72702f070a9098b91fd3313be719e2c
            • Instruction ID: 34837c34dab4af6818c6f82740f6138799775e9822ac0dfc74572fb362121759
            • Opcode Fuzzy Hash: 8bd1c5963617a46434d095d73fba205fb72702f070a9098b91fd3313be719e2c
            • Instruction Fuzzy Hash: 1F018471A1020EEFCB04EFA9D4519AEB7F8FF58304F10401AF900E7391D6749900CBA0
            Function 013062D6 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a861fd3d9d67ee614c841a47a6654162ba9c35bd5e70a5ebf9c089170eed5e86
            • Instruction ID: 8a7c42919ed73bc73ccb3d63e7ae0e4ee73d8445414f43d5aee551c9ac1c3fdf
            • Opcode Fuzzy Hash: a861fd3d9d67ee614c841a47a6654162ba9c35bd5e70a5ebf9c089170eed5e86
            • Instruction Fuzzy Hash: F80144B1A1020EEFDB04DFA9D4519AEB7F8FF58304F50405AF915E7390D6749D018BA5
            Function 0126CA6F Relevance: .0, Instructions: 42COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction ID: aa19156562d241faa90eef810cebabec7d10d6feb24dd45a2ef23ae1bee847fd
            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction Fuzzy Hash: E101D1322306869BE326AA1DC805B69BB9CFF41750F0840A5FB848F6A1D6B8CC50C250
            Function 013061E5 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5008c166feb3f9be0ea0d0b1ccc181bbbae8db9d2cfee90e99bd06c2db958343
            • Instruction ID: 421475f4f4e9f489ae0e58db2d1f4152b70fb9b054a980cb56923b686e557566
            • Opcode Fuzzy Hash: 5008c166feb3f9be0ea0d0b1ccc181bbbae8db9d2cfee90e99bd06c2db958343
            • Instruction Fuzzy Hash: 08018F71A10259DBDB04EFA9D851AEEBBF8BF58314F14005AE500AB280D774EA01CB99
            Function 012B63C0 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction ID: a95e78502309be7d3ae86f458471df662bf840607c2ac01f6c9dc30f78bfc7c5
            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction Fuzzy Hash: EAF0F97221001DBFEF019F95DD80DFF7B7EEB592D8B104125FA11A2160D635DD21ABA0
            Function 012BA4B0 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1ea2895d3081d00189eaae6ebc582889cca1588a2bcc9dd9115c2c43bb9ee65
            • Instruction ID: 03198a996a6c7827226785a563a34c54a761fab5069d428de09b19685499b57e
            • Opcode Fuzzy Hash: f1ea2895d3081d00189eaae6ebc582889cca1588a2bcc9dd9115c2c43bb9ee65
            • Instruction Fuzzy Hash: EC018936510219ABCF229E84D840EDA7F6AFB4C794F058105FE1866220C336DA70EB81
            Function 0122C0F0 Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 00b4d43acb4ecb3b315e3a63fd7313180924a14a6504f293612c9712119b3885
            • Instruction ID: 421c92e3419e2843d7909383ef1ddf1727f71a82d94e101cc2d1c70ced7391d1
            • Opcode Fuzzy Hash: 00b4d43acb4ecb3b315e3a63fd7313180924a14a6504f293612c9712119b3885
            • Instruction Fuzzy Hash: DFF024712342627BF7119619AC03F7A3696EBC0650F35802AEB058F2D2E9B1EC118394
            Function 0126656A Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 595ceb775369bdcadc05dee98ecfd0c22bc43456e23091d3aaa91592897a4f92
            • Instruction ID: 603cf50acd2f8632dd14149a426edb20eb9ddd933f360727dbe828b055c3ee19
            • Opcode Fuzzy Hash: 595ceb775369bdcadc05dee98ecfd0c22bc43456e23091d3aaa91592897a4f92
            • Instruction Fuzzy Hash: 4501A4702206C2DBE332AB2CDD49B7537ACBB40B44F980194FB018BAD6D7A8D4418210
            Function 012D437C Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: b74dd49668b3c384f9d2554312c9973d35b23429bbdb7fa2fbcd207888939c14
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: 47F0E932371E9347E7B5BB2DC420B3AA6959F90900B25052C9741CBE80DF70D8408780
            Function 012BE872 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: 2d22b8959fe4c8f46077206bb7bf6213d0bc3d31e2f96cb99de3b929c52c7830
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: 21F05E32731A229BE3219A4EDCC0F96B7A8AFD5BA0F1A0065A7149B270C760EC0187D0
            Function 012BC89D Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1aa56853d09232e06ffc84d5c340c24af220fa09e43fdd7b6cf59cd537e0442d
            • Instruction ID: 2fc70784e746f4f92fee184dd2c5c3de28616678d394c21726708e5b0a1eb788
            • Opcode Fuzzy Hash: 1aa56853d09232e06ffc84d5c340c24af220fa09e43fdd7b6cf59cd537e0442d
            • Instruction Fuzzy Hash: 3DF0AF706253459FC314EF28C842A2BB7E4FF98710F40465EB998DB394E634E901CB96
            Function 01260854 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: f12dbe1147762e360c32c2b5bf4d7e637c806af54f72cbbcb53d703b68d514a3
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: 4AF0E972620205AFE724DF26CC01F56B7EDEF98344F148078A645D71A0FAB0DD41D658
            Function 012BC912 Relevance: .0, Instructions: 34COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3a10e60af93435458d2a21bbdbaea2eaf8a5a0b924308d2233a254f29b7b9af
            • Instruction ID: 8d24743764e8d9cbd835d00330e1587b8987ed6491adf6ec72102c97e2503ca8
            • Opcode Fuzzy Hash: a3a10e60af93435458d2a21bbdbaea2eaf8a5a0b924308d2233a254f29b7b9af
            • Instruction Fuzzy Hash: 17F0C270A1024ADFDB04EF69C551AAEB7B4FF18300F00805AB945EB385DA34EA01CB50
            Function 012347FB Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e15fb9fd1f21c51ecaabc550d9fdfb84ea9906fc3addb64ec61dfab7fc2515e7
            • Instruction ID: 31fd653ec1bf96a53fb584f9b990d9aacadb243cdb4b04453f7a72bf325388d1
            • Opcode Fuzzy Hash: e15fb9fd1f21c51ecaabc550d9fdfb84ea9906fc3addb64ec61dfab7fc2515e7
            • Instruction Fuzzy Hash: 22F024B59322D28FE733EB1CCC04B217BC49F80728F0889EAC78983542C360D880CA00
            Function 012F0115 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 74ab477cc8bc349665dcf4ee08037a63cd5a52873113209ea014ad4a8d5a5fee
            • Instruction ID: c76f3bfbfc1c16ad34166da1b0ed21a8fa95dfcd82dd7fc1c5cde9d3733264b4
            • Opcode Fuzzy Hash: 74ab477cc8bc349665dcf4ee08037a63cd5a52873113209ea014ad4a8d5a5fee
            • Instruction Fuzzy Hash: A6F097BA5366C60ACF327F2C24553E2AF9AAB42210F09105CDBA113207C8789483C728
            Function 0126C5ED Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12d7cce7349384d267224e468bf23c4cd9ad7166af9aaad97d01eae35d8cfecf
            • Instruction ID: 640fa52b65cd3b1971781585ffec9982144c9f8dc539f19db5e3119dd1bfb67d
            • Opcode Fuzzy Hash: 12d7cce7349384d267224e468bf23c4cd9ad7166af9aaad97d01eae35d8cfecf
            • Instruction Fuzzy Hash: 0BF0E2719316529FE722B71CC148B21BBDC9B807A4F08A525D69AC7AD2C264FCE0CA59
            Function 01272619 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: 1ec1668aa3d52c4128257fb759475e95946219b246b6037944b6174af5b74032
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: 0FE0D872310A016BE7229E598CC0F67776EEFD2B10F04007AB6045F251C9F2DC0982A4
            Function 012C6030 Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: 9df42765b2be4b5ea3aebbad45e756caf04c820ac51f25d876aae2622eb1f29d
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: 50F06572124604DFE3218F49D945F62B7F8FB05764F45C129E709AB661D379EC40CBA4
            Function 01230710 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 86b84d98bcc92f6e36c47772745b3a4d91ca60fb82abc6574027e4b8a0928489
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: CCF0E579224341DBDB1BDF19C040AA57BE4FB91350B010094F9428B341E771E981CBA4
            Function 012649D0 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: 3ed30dc2fd4fc8e17ac390e844e4b0492bbd10f61085491fca041409b27b02f6
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 7FE09B322745C5BBD32139598811F6E769D97D4BA0F150425E2C087590DB70EC80C798
            Function 01304164 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e1d1a5a580bb9f6e6a5aa478c472b14e9534d63fa37c957f9831291f4bad0ec6
            • Instruction ID: d84b7ec6e432debdcd52e999661a09ddb4889d0dbf683bd41a81285d0d6d69df
            • Opcode Fuzzy Hash: e1d1a5a580bb9f6e6a5aa478c472b14e9534d63fa37c957f9831291f4bad0ec6
            • Instruction Fuzzy Hash: F5F02231A36A918FE77BD72CE6A0F5277E0AF10738F0A05A4D506879D2C320EE80C650
            Function 012D678E Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: 57a3ed6f78d40fd3d445905d5429b7f8f74d62d49d5e7b41a41960ccf109a11f
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: D1E0DF32B50114BBEB25AB99CD01FAABEADDBA0EA0F060054B700E70D0E530DE00C690
            Function 013008C0 Relevance: .0, Instructions: 25COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: ddd5dc7433fe351237c485290cb740ed54e8bc4aff305687b864048fabd7f86b
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: BCE09B316403548BCB2A8A1DC150B73BFE8FF957A8F158069E94547652D231F942C6D0
            Function 012325E0 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 215a14752f459814d6f00ef67b959c0ad85855344ec08812f7eeddd54718de51
            • Instruction ID: 79a1081009ecfbf25d70be27e614199413507707337ba537a35e649635bc0ed3
            • Opcode Fuzzy Hash: 215a14752f459814d6f00ef67b959c0ad85855344ec08812f7eeddd54718de51
            • Instruction Fuzzy Hash: 75E092721206949BC321FF29DD01FAB779AEFA0360F014519F11557190CA30A810C788
            Function 012EA456 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 663cff1b088014bc8ac908edde0bccb563b02e96818cdeb6565c2733983ddf34
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: 06E01A31030A52DFE7366F2AD94CB62BAE5FF90711F558C2DE29A124B0C7B598D1CA40
            Function 012B4000 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: fbf2cc83bcd7b4c35c8a6c25c2686d875d445a4a801548c57418f4f8aed61278
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 7CE0C9343103468FE715DF19C080BA27BB6BFD5B50F28C468A9498F206EB32E842CB40
            Function 0126CA38 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 66329f2d0482d54ce90359919fbb02e31e695e9c38fd8b4bd8f3cca92fc01209
            • Instruction ID: d1129414336c17b49f11f13dc436f8873a6209c8ee7fb31516670a74591249fe
            • Opcode Fuzzy Hash: 66329f2d0482d54ce90359919fbb02e31e695e9c38fd8b4bd8f3cca92fc01209
            • Instruction Fuzzy Hash: 4BD02E325B10316BCB7AFE29BC04FBB3A9DAB50760F028861F648D20A1D564CCE193C8
            Function 0122823B Relevance: .0, Instructions: 21COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: bb95c5eb14c14f46eac3728ebd723ce67dd8fba6ca8201f9e84ddf06b2fed88d
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: B0E08C31031A71EFDB326E16DC00B6676E5FB55B10F104A29E181064A497B4AC81DB58
            Function 01232050 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1162856782b9927ccd2b2ac7ab55587d0c2337b2db595ea06c70c60acd046783
            • Instruction ID: dbeb45eae8b519e3f5d4226d92f96cbfacbbc15529f43da55edab0f9e4400d7e
            • Opcode Fuzzy Hash: 1162856782b9927ccd2b2ac7ab55587d0c2337b2db595ea06c70c60acd046783
            • Instruction Fuzzy Hash: 2FE0C2721205A0ABC321FF5DDD01F6A739EEFE4370F000225F15087690CA20AC00C798
            Function 01286AA4 Relevance: .0, Instructions: 17COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: da9dee0fb5b3123425ecac09e28b605cef9ee0205ca60a51f301bc5a0ac16eaa
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: 97D05E36521A50EFD332AF1BEA00D13FBF9FBC4A10705062EE54583920C670A806CBA0
            Function 0126E59C Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: a16516d89d4c7a2864551097c0c2f6b60527118d27b75ef1c5749d0c12d439a8
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: 73D0A932224620ABDB32AA1DFC00FD333E8BB88720F060459F009C7050C360AC81CA88
            Function 012AE908 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: b6dbf6f5c3096bef4eea23dd6b6505b5bd716e1349c837438fb1ec5e2773223f
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 7BE0EC759607869BDF16EF59C640F5ABBB5BB94B40F560058A1085B660C624AD01CB40
            Function 0122A0E3 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: 6b398db343f796856b84bf776e59ea6856cc4fea62f7ba1c710460ef054d84fa
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: CBD01232236071A7DB29A655A914F6B6915AB81AA4F1A006DB90AE3D00C9198C42D6E0
            Function 0126A830 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 76d785f4bbbf50b554a72fdf7c4f08602e85f0206596296ad9f3d79935f76147
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 83D012371E055DBBCB11EF66DC01FA57BA9E764BA0F444020F504875A0C63AE950D684
            Function 0126CA24 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9d7f9bed305ff96178133c4f60656315109fd29c2143cc2e323088ed633dc310
            • Instruction ID: 29a86d155303189ce637a4e32148e66bbbbd0cac414e05f101cafcad4f0b538a
            • Opcode Fuzzy Hash: 9d7f9bed305ff96178133c4f60656315109fd29c2143cc2e323088ed633dc310
            • Instruction Fuzzy Hash: 45D092346755129BDF2AEF59CA11A7E7AB8EB14741F80006CEB45A2560E329DC518B50
            Function 012402A0 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: 0fb3bb43f18d02a814c29ba2dc2765c2704e6d6e92c475a48c15a42885f2813a
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: 3AD09235222A81CFD61ACB1DC5A4B5633A4BB44A44F810490E601CBB62D668D980CA04
            Function 0126C700 Relevance: .0, Instructions: 12COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: cb6b3182733a5c39a7f823ddfc3b90a06b371c8ad4231a4368785f9460be376b
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 3AC012322A0648AFC716EA99CD01F127BA9EBA8B40F000021F2048B670C631E820EA88
            Function 01250310 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: fc4205cd50ae6fca9d38a086891e2a15cec4b4443a0e5497872beaf7b0998c78
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: AFD01236110248EFCB01DF41C890DAA772AFBD8710F148019FD19076118A31ED62DA50
            Function 01230750 Relevance: .0, Instructions: 9COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: 5b3944cd8b14ab2d979b7ee778aadb5379e78a0e6d509a65f8dd915a2b76ffbb
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: F7C04C75711542CFCF15DB19D294F5577E4F744740F150890E945CB721E624E801CA10
            Function 01274340 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1da429201c2fa0be9e62a387590d6ff0c96c6b33e2e733b48e27257465413c1c
            • Instruction ID: 093a65c1578582b86f701b3d80209f60daa2f133f10372500b601559bdf78f43
            • Opcode Fuzzy Hash: 1da429201c2fa0be9e62a387590d6ff0c96c6b33e2e733b48e27257465413c1c
            • Instruction Fuzzy Hash: 8790023161680012A140715848C45469006A7E0301B95C011E142455CCCA148A565361
            Function 01274650 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7563959552b89a6e26a61ce6cf0c989b155553ecbcf58abacf08ac23ebce93a
            • Instruction ID: 3a872738f0ddcfd70ef51b4fd9f2dc1d0e60641ab5edf82fcb2b83e7538c09a8
            • Opcode Fuzzy Hash: c7563959552b89a6e26a61ce6cf0c989b155553ecbcf58abacf08ac23ebce93a
            • Instruction Fuzzy Hash: B390026161250042514071584844406B006A7E13013D5C115A1554568CC61889559369
            Function 01272B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d18efebff82f5eb0751569dee5ae7457d0932058f6c9cbadbee88cb58a3c1729
            • Instruction ID: d25885690c7c53f167073b0e5a1e638d037ee291729d2d814474b55565a63f8c
            • Opcode Fuzzy Hash: d18efebff82f5eb0751569dee5ae7457d0932058f6c9cbadbee88cb58a3c1729
            • Instruction Fuzzy Hash: A390026121340003510571584454616900B97E0301B95C021E2014598DC52589916225
            Function 01272BA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 04415ba28b6180b5fef542d1236121257b343bc19eb40cad0d0ccb37a2c3058c
            • Instruction ID: 418f1325a41c1d6421d5caa7a1971e21dbf2e5cc2a4eeb74f48aa1a58931e6a9
            • Opcode Fuzzy Hash: 04415ba28b6180b5fef542d1236121257b343bc19eb40cad0d0ccb37a2c3058c
            • Instruction Fuzzy Hash: 7E90023161640802E15071584454746500697D0301F95C011A102465CDC7558B5577A1
            Function 01272B80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 617417652d21f1b75185ecaeb5ec384c0f04561c9aee4f76c5f1d70489e00fc9
            • Instruction ID: a725b029a4dcabb165c6a61819c2687f6fb3d20fbc5f739cbf2d25011975e94f
            • Opcode Fuzzy Hash: 617417652d21f1b75185ecaeb5ec384c0f04561c9aee4f76c5f1d70489e00fc9
            • Instruction Fuzzy Hash: F990023121240802E10471584844686500697D0301F95C011A702465DED66589917231
            Function 01272BE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b7cc062ed480b2bfa125019c912705c5ab9ec249a5c59b93cd3a77e645fb62e
            • Instruction ID: 99fd861eb7b6207968bfd093a63aad42b50af2e8694f19b6c2e9cfe14f9b3f2c
            • Opcode Fuzzy Hash: 7b7cc062ed480b2bfa125019c912705c5ab9ec249a5c59b93cd3a77e645fb62e
            • Instruction Fuzzy Hash: B290023121644842E14071584444A46501697D0305F95C011A106469CDD6258E55B761
            Function 01272BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 076f779e3eab034b4632f4e79ab2af386f23eb666e00d345b6a35ba2551bdf9f
            • Instruction ID: 05d3b6ec4e08c029cecf8d43875fa747b57b4c261e04d3e0b7035e33c5a2377e
            • Opcode Fuzzy Hash: 076f779e3eab034b4632f4e79ab2af386f23eb666e00d345b6a35ba2551bdf9f
            • Instruction Fuzzy Hash: 4E90023121240802E1807158444464A500697D1301FD5C015A102565CDCA158B5977A1
            Function 01272AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e9f7d7e03669c4df44bf508ad68775d4935e3b1fb6a90d901a2ea95cb1c4947
            • Instruction ID: 5a05f0dfc8f311ad88dbf6ffb3500920a45c903deac1bc413e16948d336590ca
            • Opcode Fuzzy Hash: 9e9f7d7e03669c4df44bf508ad68775d4935e3b1fb6a90d901a2ea95cb1c4947
            • Instruction Fuzzy Hash: 499002A1212540925500B2588444B0A950697E0301B95C016E2054568CC52589519235
            Function 01272AF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4bd86c00d2dd95bfb7f8e254ba39f4d32a1c17fc22fa34fe2f8f992f93aed744
            • Instruction ID: a5de0409a3c7436b96f4c596bba794a19554009d0f82384204f354b3a2df0bab
            • Opcode Fuzzy Hash: 4bd86c00d2dd95bfb7f8e254ba39f4d32a1c17fc22fa34fe2f8f992f93aed744
            • Instruction Fuzzy Hash: 0A900225232400021145B558064450B5446A7D63513D5C015F2416598CC62189655321
            Function 01272AD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d08aeda2e548a59c9738260d4fb7c8d3a98c3afccf75c5399bd60758fbdead85
            • Instruction ID: 8385324466f7caef30225b5e9b983898a2552f3c02d7ee43ff44e4bfae5efdc9
            • Opcode Fuzzy Hash: d08aeda2e548a59c9738260d4fb7c8d3a98c3afccf75c5399bd60758fbdead85
            • Instruction Fuzzy Hash: 60900435333400031105F55C07445075047D7D53513D5C031F301555CCD731CD715331
            Function 01272D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c189d4cf21ceabd1cef710ef9db2109ffa2cb95ece24411fbc5d455aec041821
            • Instruction ID: 217e0eb488ffc5e60a6b2dda852a68605540dbff8ed5077c8fe72c7ec975d1b1
            • Opcode Fuzzy Hash: c189d4cf21ceabd1cef710ef9db2109ffa2cb95ece24411fbc5d455aec041821
            • Instruction Fuzzy Hash: B790022131240003E140715854586069006E7E1301F95D011E141455CCD91589565322
            Function 01272D00 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7e5b3eb4307be82739ba6b911ad7e387a1f3ae5d220a0365e3a99fe77bb242f0
            • Instruction ID: a01980cebf0ad670899a656447ca785c7c5f549032ea041533b0ff25abd31659
            • Opcode Fuzzy Hash: 7e5b3eb4307be82739ba6b911ad7e387a1f3ae5d220a0365e3a99fe77bb242f0
            • Instruction Fuzzy Hash: 2190022121644442E10075585448A06500697D0305F95D011A206459DDC6358951A231
            Function 01272D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4794ea7d50d16967df9ae0239c3d1c747e2a88c181aba09f1d528b96053f4b02
            • Instruction ID: dfbc5e7a3ff2d4639ae9c37542c4f536700866e2d8683e088585cd712fa4ade9
            • Opcode Fuzzy Hash: 4794ea7d50d16967df9ae0239c3d1c747e2a88c181aba09f1d528b96053f4b02
            • Instruction Fuzzy Hash: 1F90022922340002E1807158544860A500697D1302FD5D415A101555CCC91589695321
            Function 01272DB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62eee20611a46ba13a9a509159a49ba0ea4de23cadf27895bf9a1963451bdbdc
            • Instruction ID: d7b46464f3e4c6cd5e93ed71cefd74169bf3d52b9954275aac20f95f3b5ee28d
            • Opcode Fuzzy Hash: 62eee20611a46ba13a9a509159a49ba0ea4de23cadf27895bf9a1963451bdbdc
            • Instruction Fuzzy Hash: 9090023125240402E14171584444606500AA7D0341FD5C012A142455CEC6558B56AB61
            Function 01272DD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dda7454a6cb9f9a8543ab5c5844346a84448be3358497031532477ac5908a17a
            • Instruction ID: d0a8e48a156a68e77ba3c919a3a1b8bdc495665f562532c09be4e124f4ec1407
            • Opcode Fuzzy Hash: dda7454a6cb9f9a8543ab5c5844346a84448be3358497031532477ac5908a17a
            • Instruction Fuzzy Hash: 07900221253441526545B15844445079007A7E03417D5C012A2414958CC5269956D721
            Function 01272C60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3fa79fc30f5e320d6fe94c5975948eb7e954e497355d0a11253ab0051bece685
            • Instruction ID: 92b4b76ece0ff5dd026e1ca72286b9da48423bd50681bdac996b57500fd64ab5
            • Opcode Fuzzy Hash: 3fa79fc30f5e320d6fe94c5975948eb7e954e497355d0a11253ab0051bece685
            • Instruction Fuzzy Hash: 4C90023121240842E10071584444B46500697E0301F95C016A112465CDC615C9517621
            Function 01272C70 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 08d7f679d08e44b93653ba079e35a2fced20b7194c5bbab187c00bcea1a7e955
            • Instruction ID: b38c9317162172c3a09a15f90b66f1f79e73fb53dbdb27e4e6e8edf258f009f9
            • Opcode Fuzzy Hash: 08d7f679d08e44b93653ba079e35a2fced20b7194c5bbab187c00bcea1a7e955
            • Instruction Fuzzy Hash: 8190023121248802E1107158844474A500697D0301F99C411A542465CDC69589917221
            Function 01272CA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4d407e7b21f2f1ea51a452efdd119fd95c396a1253542f1e73ba79827b2fc41f
            • Instruction ID: 691c52434664860ab1d1403c7652af4ab2925950e28a69c69ba240d11d34addc
            • Opcode Fuzzy Hash: 4d407e7b21f2f1ea51a452efdd119fd95c396a1253542f1e73ba79827b2fc41f
            • Instruction Fuzzy Hash: 3D90023121240402E10075985448646500697E0301F95D011A602455DEC66589916231
            Function 01272CF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2ada24bdac4fb214a82339653360de402a557aa1fb8ecfd012762a351efe0781
            • Instruction ID: 2f58f6b5300b13bf9f3be635ca8ee632cf04f9cf28a3879304cc32ba357f1b08
            • Opcode Fuzzy Hash: 2ada24bdac4fb214a82339653360de402a557aa1fb8ecfd012762a351efe0781
            • Instruction Fuzzy Hash: 1890023121240403E10071585548707500697D0301F95D411A142455CDD65689516221
            Function 01272CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4882812a61c977a74f66cb990f8753a452020285b691309a12d468703357bccc
            • Instruction ID: 907816fa5215686df338717a0d68096aa1eddd3670eed13baaab762d569abbf0
            • Opcode Fuzzy Hash: 4882812a61c977a74f66cb990f8753a452020285b691309a12d468703357bccc
            • Instruction Fuzzy Hash: F790022161640402E14071585458706501697D0301F95D011A102455CDC6598B5567A1
            Function 01272F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7fe5f657ca7565464dcc744a9e64f0e6ee451a585ca82945920a668257d092b6
            • Instruction ID: 0850d76c5083917de81b38537c6c61fc93ee1c82a223a3fcec8c7a0d9f9274b3
            • Opcode Fuzzy Hash: 7fe5f657ca7565464dcc744a9e64f0e6ee451a585ca82945920a668257d092b6
            • Instruction Fuzzy Hash: CC90026135240442E10071584454B065006D7E1301F95C015E206455CDC619CD526226
            Function 01272F60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bbac847f776a175e286843ead410e374c6f6cba6f745d9ac79faf4283e57e066
            • Instruction ID: 76eefd2355e08bd9456659255bb53bffff3a7106f7ee26cb640777a05d350ca9
            • Opcode Fuzzy Hash: bbac847f776a175e286843ead410e374c6f6cba6f745d9ac79faf4283e57e066
            • Instruction Fuzzy Hash: EF90026122240042E10471584444706504697E1301F95C012A315455CCC5298D615225
            Function 01272FA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 20162e15f04ec95383eaee38befcefe4fcc537dd527dccdef5acafa3663ed4c7
            • Instruction ID: 0c11e1f00ac51de27c8e3856b2b3e89ef6fe2628ba384d5b3c200b828464ab31
            • Opcode Fuzzy Hash: 20162e15f04ec95383eaee38befcefe4fcc537dd527dccdef5acafa3663ed4c7
            • Instruction Fuzzy Hash: 4B90023121280402E10071584848747500697D0302F95C011A616455DEC665C9916631
            Function 01272FB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f035e70a2bd65ddc7a91aaba0b65bbf313637827c5080767993234bf6d9ffc1f
            • Instruction ID: 637517f3378454ceeb825cfdc94493f08efd3f8a0fd4a2e48518c627822fbaf5
            • Opcode Fuzzy Hash: f035e70a2bd65ddc7a91aaba0b65bbf313637827c5080767993234bf6d9ffc1f
            • Instruction Fuzzy Hash: 83900221612400425140716888849069006BBE1311795C121A1998558DC55989655765
            Function 01272F90 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ce687d34383017a814374ca4449647bf7bf1c415d25a84838b3bda3525f1c5f2
            • Instruction ID: d2072ec4d250987983c0fcc9e1e21c729684961b180686f9afd44eb9a3de3f5e
            • Opcode Fuzzy Hash: ce687d34383017a814374ca4449647bf7bf1c415d25a84838b3bda3525f1c5f2
            • Instruction Fuzzy Hash: 2390023121280402E1007158485470B500697D0302F95C011A216455DDC62589516671
            Function 01272FE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8da05deb710642a0981df967de4f138478d22e7448e5ff757796c85c01eb674b
            • Instruction ID: 549cd70a524c6f21051acfd8793fe7b54918b31df4b6be0af202eb72fd60f43a
            • Opcode Fuzzy Hash: 8da05deb710642a0981df967de4f138478d22e7448e5ff757796c85c01eb674b
            • Instruction Fuzzy Hash: 4E900221222C0042E20075684C54B07500697D0303F95C115A115455CCC91589615621
            Function 01272E30 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5c52e403829da1c5a0f5beeda1b60c6dcb879b05f07051a04e3388ac185bbe88
            • Instruction ID: b414c5dc87dfe7d21077ab43179aaba9a05bf80e57774cb126b394ee55632048
            • Opcode Fuzzy Hash: 5c52e403829da1c5a0f5beeda1b60c6dcb879b05f07051a04e3388ac185bbe88
            • Instruction Fuzzy Hash: 0890022131240402E10271584454606500AD7D1345FD5C012E242455DDC6258A53A232
            Function 01272EA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6afd4d008ef595337e3a108edcfff9b5eccad0195a5ed984a9fc1e116386c144
            • Instruction ID: e94ed2127a7c4f68c544d7ce0e56f6f255bd27576dcd735c43add514d6dd35dd
            • Opcode Fuzzy Hash: 6afd4d008ef595337e3a108edcfff9b5eccad0195a5ed984a9fc1e116386c144
            • Instruction Fuzzy Hash: D490027121240402E14071584444746500697D0301F95C011A606455CEC6598ED56765
            Function 01272E80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12eef03c44219801c2ab044516a83e0f421106b109c4d3402fd225b9a61beab5
            • Instruction ID: 51214849d7018e36ee15dcc685b6fb0c2e6a55fbbde8dcb3977d8bbcecd4ace5
            • Opcode Fuzzy Hash: 12eef03c44219801c2ab044516a83e0f421106b109c4d3402fd225b9a61beab5
            • Instruction Fuzzy Hash: CE90022161240502E10171584444616500B97D0341FD5C022A202455DECA258A92A231
            Function 01272EE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 87d020df8a4d07d78cff0b3e232c775ecfd57e21b5d44886126e2656f95423e6
            • Instruction ID: 56da9985fcfaabd6505466881fd0a0ce1479215a67899ebb60cc611ddb45d2a8
            • Opcode Fuzzy Hash: 87d020df8a4d07d78cff0b3e232c775ecfd57e21b5d44886126e2656f95423e6
            • Instruction Fuzzy Hash: DE90026121280403E14075584844607500697D0302F95C011A306455DECA298D516235
            Function 01273010 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ff47cfbcae4491611fb9ffc0e2126a232206ed11e2d38fb02d61051f97a27d29
            • Instruction ID: 0be573ac7013602c0cc728503f3a36c893d55bfa7359ac0fa2420b80f21f1acd
            • Opcode Fuzzy Hash: ff47cfbcae4491611fb9ffc0e2126a232206ed11e2d38fb02d61051f97a27d29
            • Instruction Fuzzy Hash: E390022121284442E14072584844B0F910697E1302FD5C019A515655CCC91589555721
            Function 01273090 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9facc0a35cd31ec7c6da585ec62e66ab99869ffa42dcad3f3154f7293753ae53
            • Instruction ID: 1837150c807d79618d308e465b7efe116cd7a64e9af413825e8029f612debcb2
            • Opcode Fuzzy Hash: 9facc0a35cd31ec7c6da585ec62e66ab99869ffa42dcad3f3154f7293753ae53
            • Instruction Fuzzy Hash: 0290022125240802E140715884547075007D7D0701F95C011A102455CDC6168A6567B1
            Function 012735C0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 493f40d43cecd2b357bf6e1e334c1b92e5c2d6b442b110eaae5ef641c53d4b83
            • Instruction ID: 3e06d8b115e3cda66e8481c330cec938365ccc660ae31eddcededbb130e838c4
            • Opcode Fuzzy Hash: 493f40d43cecd2b357bf6e1e334c1b92e5c2d6b442b110eaae5ef641c53d4b83
            • Instruction Fuzzy Hash: DD90023161650402E10071584554706600697D0301FA5C411A142456CDC7958A5166A2
            Function 012739B0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: df9d94697b1722b35c2e89b48e2e0371619a5c14bd8c97d54a1ae3104f4a59db
            • Instruction ID: 5ab3d28b3cd039f183eaed639b30df464cda0528e754b398597049b34dcaea9b
            • Opcode Fuzzy Hash: df9d94697b1722b35c2e89b48e2e0371619a5c14bd8c97d54a1ae3104f4a59db
            • Instruction Fuzzy Hash: 5E90022125645102E150715C44446169006B7E0301F95C021A181459CDC55589556321
            Function 01272C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction ID: ab3b5dd5735c097f18a1587d2f18a1045a10b3491938433fb7e86c6c6c20a6de
            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction Fuzzy Hash:
            Function 01272890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: e4f2db1d12f370d33cb3d57d38e8c6b69e3df4d1be0a9e3cf267c5b4ca1af9ab
            • Instruction ID: 061b882c067ca9ca60082245e7f94fec669ae9d86e481bb0e0897d45caabadf1
            • Opcode Fuzzy Hash: e4f2db1d12f370d33cb3d57d38e8c6b69e3df4d1be0a9e3cf267c5b4ca1af9ab
            • Instruction Fuzzy Hash: 5551D6B5A20117FFDB21DB9C889097FFBB8BF08240B648269E595D7641D374DE44CBA0
            Function 012E2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: cffd116f7bac6b31308f3297dc84b2ffd2becbfe93ba1106a5648a3b766365ef
            • Instruction ID: bfe59b64372d9994eac1e5029808a7ae329f8dcb18e3b512674eca58184e9fa6
            • Opcode Fuzzy Hash: cffd116f7bac6b31308f3297dc84b2ffd2becbfe93ba1106a5648a3b766365ef
            • Instruction Fuzzy Hash: D3512771A20656EECF34DF5CD99487FBBFCEB48200B848459E597D7681E6B4EA008760
            Function 01267630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
            Download Yara Rule
            Strings
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 012A4742
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 012A4725
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 012A4655
            • Execute=1, xrefs: 012A4713
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012A46FC
            • ExecuteOptions, xrefs: 012A46A0
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 012A4787
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 10408874bc8af7d0a4a15950a439544988186c80a4aa8cb68df5a3cc0f33d0d2
            • Instruction ID: 941fed4d5f0471cfefde4e602951fc850d653dc6ea027c3608ed75e26da06049
            • Opcode Fuzzy Hash: 10408874bc8af7d0a4a15950a439544988186c80a4aa8cb68df5a3cc0f33d0d2
            • Instruction Fuzzy Hash: A5512D3162025AAFEF25EA69EC85FBE77ACEF14308F4400A9D705971D0D7709E818F50
            Function 01306940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
            • Instruction ID: 472e72258ab9850e2456e7c100c4fe1e0d8d9737137f282a052ec679117afd0f
            • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
            • Instruction Fuzzy Hash: 1C0227B1508342AFD706DF18C5A1A6FBBE5EFC8708F04892DF9894B294DB31E945CB52
            Function 0127B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
            • Instruction ID: 3056d6e539599a60a0bfbfe3da45fb39d5dbaf49e13d0f75f9ae0aa0c337c7a0
            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
            • Instruction Fuzzy Hash: FA81C171E3524A9EEF29CE6CC8917FFBBB1AF45320F18421ADA61A72D1C7349840CB55
            Function 012E20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: c206993a1ed00ff80aec3759046297bc19f34a795e9201e5a9673cc143d210b8
            • Instruction ID: 1ec56b1e8ed5a737e7a586dfe672129031ab4f583760a8c1c3319cad2bfc6ad5
            • Opcode Fuzzy Hash: c206993a1ed00ff80aec3759046297bc19f34a795e9201e5a9673cc143d210b8
            • Instruction Fuzzy Hash: 9121657AA2011AEBDB10DF79CC44AFEBBFCEF54644F44011AEA05E7241E730DA058BA1
            Function 0125F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
            Download Yara Rule
            Strings
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012A02E7
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012A02BD
            • RTL: Re-Waiting, xrefs: 012A031E
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 5e681a25faa53cb3d8143bc01648ae885bda4828280ed7d56de2a0c603a3a673
            • Instruction ID: 7902624c4b4106a4f4338c86ea1ad2023deac92d2cfa0a868d0c35f3e72d6593
            • Opcode Fuzzy Hash: 5e681a25faa53cb3d8143bc01648ae885bda4828280ed7d56de2a0c603a3a673
            • Instruction Fuzzy Hash: 4CE1BE30624742DFD765CF28C985B6ABBE0BF88314F140A2DFAA58B2D1D774E944CB52
            Function 0126B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012A728C
            Strings
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 012A7294
            • RTL: Re-Waiting, xrefs: 012A72C1
            • RTL: Resource at %p, xrefs: 012A72A3
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: df82f88fd4fc7bc7fc07bafb984a7572e9040fa3f28357015aee97d4e793afba
            • Instruction ID: 629978521e6cee90dbbc2896e2d88aa6d052af592f493d57f0b6d0dcb08e9367
            • Opcode Fuzzy Hash: df82f88fd4fc7bc7fc07bafb984a7572e9040fa3f28357015aee97d4e793afba
            • Instruction Fuzzy Hash: AD41F035760603ABD721DE29CC41B66B7A9FB94710F100629FA55EB280DB32E8428BD5
            Function 012E2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: 6f0ce7b45f31b4d914c588d86d42af20d788669c12ff38bcfb37de456efc7496
            • Instruction ID: 8ffcbfb4b068d178b48577a0df8c9c2da276e979b68e9f2c15ca487ae3ad59b5
            • Opcode Fuzzy Hash: 6f0ce7b45f31b4d914c588d86d42af20d788669c12ff38bcfb37de456efc7496
            • Instruction Fuzzy Hash: 1B314572610219DFDB20DF29DC44BEEB7FCFB54610F84455AE949E3240EB309A448F61
            Function 01239126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: c139faf27d855593e916ea4cc28638d3c2769e2a1bb6b13b16dc2f3cad0a2b70
            • Instruction ID: cae6ff71ce7405b80bcde5206eb78cbe0097e6dfa155d75cfce5ddaf5a5e4e79
            • Opcode Fuzzy Hash: c139faf27d855593e916ea4cc28638d3c2769e2a1bb6b13b16dc2f3cad0a2b70
            • Instruction Fuzzy Hash: 55811C72D1026ADBDB35DF58CC45BEAB6B8AB48714F0041DAEA19B7280D7705E84CFA0
            Function 01267B2F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81threadCOMMON
            Download Yara Rule
            APIs
            • BaseThreadInitThunk.KERNEL32 ref: 01267B5C
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.2041382964.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1200000_173312131497fead2ebdffba48e639d886af98a7e28613c1999208e8d7a719ebfa8a8c.jbxd
            Similarity
            • API ID: BaseInitThreadThunk
            • String ID: $h4;$3+4(
            • API String ID: 2021000177-2200218722
            • Opcode ID: dccee98bcec738945a64a99ec4b448ef5c70aadad8b2b894ecf840ceaa71fa85
            • Instruction ID: a349a98efbb7d6be0aab7e512efd4cc8bbdd25dbadc60b8a033aafde4bf92dab
            • Opcode Fuzzy Hash: dccee98bcec738945a64a99ec4b448ef5c70aadad8b2b894ecf840ceaa71fa85
            • Instruction Fuzzy Hash: 9B312675E10229DFCF21EFA8D855AADBBF4BB48720F24412AE911B7290C7719900CF54