Windows Analysis Report
3FG4bsfkEwmxFYY.exe

Overview

General Information

Sample name: 3FG4bsfkEwmxFYY.exe
Analysis ID: 1580314
MD5: a8dadba4e00d4a960fdff63594e6bc11
SHA1: 208d148340f8184cf8b2ad0c02196b9718605ff7
SHA256: f93805b2899cc7a68369be48f770e2f293410dfea9f0186d4270fedff272a8ce
Tags: exe, user-julianmckein
Infos:

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 3FG4bsfkEwmxFYY.exe (PID: 4348 cmdline: "C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe" MD5: A8DADBA4E00D4A960FDFF63594E6BC11)
    • 3FG4bsfkEwmxFYY.exe (PID: 3744 cmdline: "C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe" MD5: A8DADBA4E00D4A960FDFF63594E6BC11)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: 3FG4bsfkEwmxFYY.exe PID: 4348 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
2.2.3FG4bsfkEwmxFYY.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.3FG4bsfkEwmxFYY.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

            AV Detection

            Source: 3FG4bsfkEwmxFYY.exe | ReversingLabs: Detection: 39%
            Source: 3FG4bsfkEwmxFYY.exe | Virustotal: Detection: 34%
            Source: Yara match | File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: 3FG4bsfkEwmxFYY.exe | Joe Sandbox ML: detected
            Source: 3FG4bsfkEwmxFYY.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 3FG4bsfkEwmxFYY.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: 3FG4bsfkEwmxFYY.exe, 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 3FG4bsfkEwmxFYY.exe, 3FG4bsfkEwmxFYY.exe, 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp

            E-Banking Fraud

            Source: Yara match | File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_0042CCC3 NtClose, 2_2_0042CCC3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022B60 NtClose, LdrInitializeThunk, 2_2_01022B60
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022DF0 NtQuerySystemInformation, LdrInitializeThunk, 2_2_01022DF0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022C70 NtFreeVirtualMemory, LdrInitializeThunk, 2_2_01022C70
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_010235C0 NtCreateMutant, LdrInitializeThunk, 2_2_010235C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01024340 NtSetContextThread, 2_2_01024340
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01024650 NtSuspendThread, 2_2_01024650
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022B80 NtQueryInformationFile, 2_2_01022B80
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022BA0 NtEnumerateValueKey, 2_2_01022BA0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022BE0 NtQueryValueKey, 2_2_01022BE0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022BF0 NtAllocateVirtualMemory, 2_2_01022BF0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022AB0 NtWaitForSingleObject, 2_2_01022AB0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022AD0 NtReadFile, 2_2_01022AD0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022AF0 NtWriteFile, 2_2_01022AF0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022D00 NtSetInformationFile, 2_2_01022D00
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022D10 NtMapViewOfSection, 2_2_01022D10
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022D30 NtUnmapViewOfSection, 2_2_01022D30
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022DB0 NtEnumerateKey, 2_2_01022DB0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022DD0 NtDelayExecution, 2_2_01022DD0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022C00 NtQueryInformationProcess, 2_2_01022C00
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022C60 NtCreateKey, 2_2_01022C60
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022CA0 NtQueryInformationToken, 2_2_01022CA0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022CC0 NtQueryVirtualMemory, 2_2_01022CC0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022CF0 NtOpenProcess, 2_2_01022CF0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022F30 NtCreateSection, 2_2_01022F30
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022F60 NtCreateProcessEx, 2_2_01022F60
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022F90 NtProtectVirtualMemory, 2_2_01022F90
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022FA0 NtQuerySection, 2_2_01022FA0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022FB0 NtResumeThread, 2_2_01022FB0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022FE0 NtCreateFile, 2_2_01022FE0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022E30 NtWriteVirtualMemory, 2_2_01022E30
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022E80 NtReadVirtualMemory, 2_2_01022E80
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022EA0 NtAdjustPrivilegesToken, 2_2_01022EA0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01022EE0 NtQueueApcThread, 2_2_01022EE0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01023010 NtOpenDirectoryObject, 2_2_01023010
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01023090 NtSetValueKey, 2_2_01023090
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_010239B0 NtGetContextThread, 2_2_010239B0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01023D10 NtOpenProcessToken, 2_2_01023D10
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe | Code function: 2_2_01023D70 NtOpenThread, 2_2_01023D70
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: String function: 01025130 appears 58 times
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: String function: 0106F290 appears 105 times
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: String function: 00FDB970 appears 265 times
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: String function: 0105EA12 appears 86 times
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: String function: 01037E54 appears 100 times
            Source: 3FG4bsfkEwmxFYY.exe, 00000000.00000002.1745433811.00000000027A5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exe, 00000000.00000002.1748882656.0000000008640000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exe, 00000000.00000000.1720714329.00000000002A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAzxV.exe. vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exe, 00000000.00000002.1744598663.0000000000A3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exe, 00000000.00000002.1748339158.0000000006BF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exe, 00000002.00000002.2218511427.00000000010DD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exeBinary or memory string: OriginalFilenameAzxV.exe. vs 3FG4bsfkEwmxFYY.exe
            Source: 3FG4bsfkEwmxFYY.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 3FG4bsfkEwmxFYY.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.3FG4bsfkEwmxFYY.exe.3835bb8.3.raw.unpack, swiCtI2X3eGmi42eFl.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.3FG4bsfkEwmxFYY.exe.6bf0000.4.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.3FG4bsfkEwmxFYY.exe.6bf0000.4.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.3FG4bsfkEwmxFYY.exe.6bf0000.4.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.3FG4bsfkEwmxFYY.exe.6bf0000.4.raw.unpack, swiCtI2X3eGmi42eFl.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.3FG4bsfkEwmxFYY.exe.3835bb8.3.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.3FG4bsfkEwmxFYY.exe.3835bb8.3.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.3FG4bsfkEwmxFYY.exe.3835bb8.3.raw.unpack, csWNpqmBj0Jd5ipbT9.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal80.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3FG4bsfkEwmxFYY.exe.logJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMutant created: NULL
            Source: 3FG4bsfkEwmxFYY.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: 3FG4bsfkEwmxFYY.exeReversingLabs: Detection: 39%
            Source: 3FG4bsfkEwmxFYY.exeVirustotal: Detection: 34%
            Source: unknownProcess created: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe "C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe"
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeProcess created: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe "C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe"
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: dwrite.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeSection loaded: iconcodecservice.dll
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: 3FG4bsfkEwmxFYY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 3FG4bsfkEwmxFYY.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: 3FG4bsfkEwmxFYY.exe, 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 3FG4bsfkEwmxFYY.exe, 3FG4bsfkEwmxFYY.exe, 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.3FG4bsfkEwmxFYY.exe.3835bb8.3.raw.unpack, csWNpqmBj0Jd5ipbT9.cs.Net Code: Ek5opGNODd System.Reflection.Assembly.Load(byte[])
            Source: 0.2.3FG4bsfkEwmxFYY.exe.6bf0000.4.raw.unpack, csWNpqmBj0Jd5ipbT9.cs.Net Code: Ek5opGNODd System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_02620BE8 push 34025FC4h; iretd 0_2_02620BED
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_02626FB1 push 3C051402h; ret 0_2_02626FBD
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_06BB46A6 pushfd ; ret 0_2_06BB46A7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_06FF1912 push ecx; ret 0_2_06FF191C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_08665AE2 push esp; retf 0_2_08665AE9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_0866EDDE push 0000005Dh; ret 0_2_0866EDED
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 0_2_08662620 pushad ; retn 0255h0_2_0866264D
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_004178CA push edx; iretd 2_2_004178CD
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_004150EB push esp; iretd 2_2_0041514F
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0040D8B6 push ecx; ret 2_2_0040D8B7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00415119 push esp; iretd 2_2_0041514F
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00424A53 push 3D550B4Fh; ret 2_2_00424A6B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00417A3B push ebx; iretd 2_2_00417A3C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00423D13 push edi; retf 2_2_00423D1E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00423DBE push esp; iretd 2_2_00423DE4
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0040AEDA push FFFFFF84h; retf 2_2_0040AEDC
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_004036A0 push eax; ret 2_2_004036A2
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE09AD push ecx; mov dword ptr [esp], ecx2_2_00FE09B6
            Source: 3FG4bsfkEwmxFYY.exeStatic PE information: section name: .text entropy: 7.785065831548723
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: 3FG4bsfkEwmxFYY.exe PID: 4348, type: MEMORYSTR
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: A00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: 2760000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: C30000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: 8670000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: 6DD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: 9670000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeMemory allocated: A670000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0102096E rdtsc 2_2_0102096E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeAPI coverage: 0.7 %
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe TID: 4948Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe TID: 2180Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00417EB3 LdrLoadDll,2_2_00417EB3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E10E mov eax, dword ptr fs:[00000030h]2_2_0108E10E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E10E mov ecx, dword ptr fs:[00000030h]2_2_0108E10E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDC0F0 mov eax, dword ptr fs:[00000030h]2_2_00FDC0F0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108A118 mov ecx, dword ptr fs:[00000030h]2_2_0108A118
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108A118 mov eax, dword ptr fs:[00000030h]2_2_0108A118
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE80E9 mov eax, dword ptr fs:[00000030h]2_2_00FE80E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA0E3 mov ecx, dword ptr fs:[00000030h]2_2_00FDA0E3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010A0115 mov eax, dword ptr fs:[00000030h]2_2_010A0115
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01010124 mov eax, dword ptr fs:[00000030h]2_2_01010124
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01074144 mov eax, dword ptr fs:[00000030h]2_2_01074144
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01074144 mov ecx, dword ptr fs:[00000030h]2_2_01074144
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01078158 mov eax, dword ptr fs:[00000030h]2_2_01078158
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE208A mov eax, dword ptr fs:[00000030h]2_2_00FE208A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0109C188 mov eax, dword ptr fs:[00000030h]2_2_0109C188
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01020185 mov eax, dword ptr fs:[00000030h]2_2_01020185
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01084180 mov eax, dword ptr fs:[00000030h]2_2_01084180
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106019F mov eax, dword ptr fs:[00000030h]2_2_0106019F
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE2050 mov eax, dword ptr fs:[00000030h]2_2_00FE2050
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010A61C3 mov eax, dword ptr fs:[00000030h]2_2_010A61C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010A61C3 mov eax, dword ptr fs:[00000030h]2_2_010A61C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0105E1D0 mov eax, dword ptr fs:[00000030h]2_2_0105E1D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0105E1D0 mov eax, dword ptr fs:[00000030h]2_2_0105E1D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0105E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0105E1D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0105E1D0 mov eax, dword ptr fs:[00000030h]2_2_0105E1D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0105E1D0 mov eax, dword ptr fs:[00000030h]2_2_0105E1D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA020 mov eax, dword ptr fs:[00000030h]2_2_00FDA020
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDC020 mov eax, dword ptr fs:[00000030h]2_2_00FDC020
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE016 mov eax, dword ptr fs:[00000030h]2_2_00FFE016
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE016 mov eax, dword ptr fs:[00000030h]2_2_00FFE016
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE016 mov eax, dword ptr fs:[00000030h]2_2_00FFE016
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE016 mov eax, dword ptr fs:[00000030h]2_2_00FFE016
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B61E5 mov eax, dword ptr fs:[00000030h]2_2_010B61E5
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010101F8 mov eax, dword ptr fs:[00000030h]2_2_010101F8
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01064000 mov ecx, dword ptr fs:[00000030h]2_2_01064000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01082000 mov eax, dword ptr fs:[00000030h]2_2_01082000
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01076030 mov eax, dword ptr fs:[00000030h]2_2_01076030
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066050 mov eax, dword ptr fs:[00000030h]2_2_01066050
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA197 mov eax, dword ptr fs:[00000030h]2_2_00FDA197
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA197 mov eax, dword ptr fs:[00000030h]2_2_00FDA197
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA197 mov eax, dword ptr fs:[00000030h]2_2_00FDA197
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100C073 mov eax, dword ptr fs:[00000030h]2_2_0100C073
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE6154 mov eax, dword ptr fs:[00000030h]2_2_00FE6154
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE6154 mov eax, dword ptr fs:[00000030h]2_2_00FE6154
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDC156 mov eax, dword ptr fs:[00000030h]2_2_00FDC156
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010780A8 mov eax, dword ptr fs:[00000030h]2_2_010780A8
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010A60B8 mov eax, dword ptr fs:[00000030h]2_2_010A60B8
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010A60B8 mov ecx, dword ptr fs:[00000030h]2_2_010A60B8
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010620DE mov eax, dword ptr fs:[00000030h]2_2_010620DE
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010660E0 mov eax, dword ptr fs:[00000030h]2_2_010660E0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010220F0 mov ecx, dword ptr fs:[00000030h]2_2_010220F0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A30B mov eax, dword ptr fs:[00000030h]2_2_0101A30B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A30B mov eax, dword ptr fs:[00000030h]2_2_0101A30B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A30B mov eax, dword ptr fs:[00000030h]2_2_0101A30B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01000310 mov ecx, dword ptr fs:[00000030h]2_2_01000310
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF02E1 mov eax, dword ptr fs:[00000030h]2_2_00FF02E1
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF02E1 mov eax, dword ptr fs:[00000030h]2_2_00FF02E1
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF02E1 mov eax, dword ptr fs:[00000030h]2_2_00FF02E1
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]2_2_00FEA2C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]2_2_00FEA2C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]2_2_00FEA2C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]2_2_00FEA2C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA2C3 mov eax, dword ptr fs:[00000030h]2_2_00FEA2C3
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01062349 mov eax, dword ptr fs:[00000030h]2_2_01062349
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010AA352 mov eax, dword ptr fs:[00000030h]2_2_010AA352
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01088350 mov ecx, dword ptr fs:[00000030h]2_2_01088350
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov eax, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov eax, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov eax, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov ecx, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov eax, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106035C mov eax, dword ptr fs:[00000030h]2_2_0106035C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF02A0 mov eax, dword ptr fs:[00000030h]2_2_00FF02A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF02A0 mov eax, dword ptr fs:[00000030h]2_2_00FF02A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108437C mov eax, dword ptr fs:[00000030h]2_2_0108437C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100438F mov eax, dword ptr fs:[00000030h]2_2_0100438F
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100438F mov eax, dword ptr fs:[00000030h]2_2_0100438F
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD826B mov eax, dword ptr fs:[00000030h]2_2_00FD826B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE4260 mov eax, dword ptr fs:[00000030h]2_2_00FE4260
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE4260 mov eax, dword ptr fs:[00000030h]2_2_00FE4260
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE4260 mov eax, dword ptr fs:[00000030h]2_2_00FE4260
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE6259 mov eax, dword ptr fs:[00000030h]2_2_00FE6259
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDA250 mov eax, dword ptr fs:[00000030h]2_2_00FDA250
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0109C3CD mov eax, dword ptr fs:[00000030h]2_2_0109C3CD
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD823B mov eax, dword ptr fs:[00000030h]2_2_00FD823B
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010663C0 mov eax, dword ptr fs:[00000030h]2_2_010663C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E3DB mov eax, dword ptr fs:[00000030h]2_2_0108E3DB
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E3DB mov eax, dword ptr fs:[00000030h]2_2_0108E3DB
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E3DB mov ecx, dword ptr fs:[00000030h]2_2_0108E3DB
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0108E3DB mov eax, dword ptr fs:[00000030h]2_2_0108E3DB
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010843D4 mov eax, dword ptr fs:[00000030h]2_2_010843D4
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010843D4 mov eax, dword ptr fs:[00000030h]2_2_010843D4
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010163FF mov eax, dword ptr fs:[00000030h]2_2_010163FF
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]2_2_00FFE3F0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]2_2_00FFE3F0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FFE3F0 mov eax, dword ptr fs:[00000030h]2_2_00FFE3F0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FF03E9 mov eax, dword ptr fs:[00000030h]2_2_00FF03E9
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE83C0 mov eax, dword ptr fs:[00000030h]2_2_00FE83C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE83C0 mov eax, dword ptr fs:[00000030h]2_2_00FE83C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE83C0 mov eax, dword ptr fs:[00000030h]2_2_00FE83C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE83C0 mov eax, dword ptr fs:[00000030h]2_2_00FE83C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FEA3C0 mov eax, dword ptr fs:[00000030h]2_2_00FEA3C0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01068243 mov eax, dword ptr fs:[00000030h]2_2_01068243
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01068243 mov ecx, dword ptr fs:[00000030h]2_2_01068243
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0109A250 mov eax, dword ptr fs:[00000030h]2_2_0109A250
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0109A250 mov eax, dword ptr fs:[00000030h]2_2_0109A250
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD8397 mov eax, dword ptr fs:[00000030h]2_2_00FD8397
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD8397 mov eax, dword ptr fs:[00000030h]2_2_00FD8397
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD8397 mov eax, dword ptr fs:[00000030h]2_2_00FD8397
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE388 mov eax, dword ptr fs:[00000030h]2_2_00FDE388
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE388 mov eax, dword ptr fs:[00000030h]2_2_00FDE388
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE388 mov eax, dword ptr fs:[00000030h]2_2_00FDE388
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01090274 mov eax, dword ptr fs:[00000030h]2_2_01090274
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01060283 mov eax, dword ptr fs:[00000030h]2_2_01060283
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01060283 mov eax, dword ptr fs:[00000030h]2_2_01060283
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01060283 mov eax, dword ptr fs:[00000030h]2_2_01060283
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E284 mov eax, dword ptr fs:[00000030h]2_2_0101E284
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E284 mov eax, dword ptr fs:[00000030h]2_2_0101E284
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov eax, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov ecx, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov eax, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov eax, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov eax, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010762A0 mov eax, dword ptr fs:[00000030h]2_2_010762A0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDC310 mov ecx, dword ptr fs:[00000030h]2_2_00FDC310
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01076500 mov eax, dword ptr fs:[00000030h]2_2_01076500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010B4500 mov eax, dword ptr fs:[00000030h]2_2_010B4500
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE04E5 mov ecx, dword ptr fs:[00000030h]2_2_00FE04E5
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E53E mov eax, dword ptr fs:[00000030h]2_2_0100E53E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E53E mov eax, dword ptr fs:[00000030h]2_2_0100E53E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E53E mov eax, dword ptr fs:[00000030h]2_2_0100E53E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E53E mov eax, dword ptr fs:[00000030h]2_2_0100E53E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E53E mov eax, dword ptr fs:[00000030h]2_2_0100E53E
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE64AB mov eax, dword ptr fs:[00000030h]2_2_00FE64AB
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101656A mov eax, dword ptr fs:[00000030h]2_2_0101656A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101656A mov eax, dword ptr fs:[00000030h]2_2_0101656A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101656A mov eax, dword ptr fs:[00000030h]2_2_0101656A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01014588 mov eax, dword ptr fs:[00000030h]2_2_01014588
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E59C mov eax, dword ptr fs:[00000030h]2_2_0101E59C
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FD645D mov eax, dword ptr fs:[00000030h]2_2_00FD645D
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010605A7 mov eax, dword ptr fs:[00000030h]2_2_010605A7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010605A7 mov eax, dword ptr fs:[00000030h]2_2_010605A7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010605A7 mov eax, dword ptr fs:[00000030h]2_2_010605A7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010045B1 mov eax, dword ptr fs:[00000030h]2_2_010045B1
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_010045B1 mov eax, dword ptr fs:[00000030h]2_2_010045B1
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E5CF mov eax, dword ptr fs:[00000030h]2_2_0101E5CF
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E5CF mov eax, dword ptr fs:[00000030h]2_2_0101E5CF
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A5D0 mov eax, dword ptr fs:[00000030h]2_2_0101A5D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A5D0 mov eax, dword ptr fs:[00000030h]2_2_0101A5D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDC427 mov eax, dword ptr fs:[00000030h]2_2_00FDC427
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE420 mov eax, dword ptr fs:[00000030h]2_2_00FDE420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE420 mov eax, dword ptr fs:[00000030h]2_2_00FDE420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FDE420 mov eax, dword ptr fs:[00000030h]2_2_00FDE420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100E5E7 mov eax, dword ptr fs:[00000030h]2_2_0100E5E7
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101C5ED mov eax, dword ptr fs:[00000030h]2_2_0101C5ED
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101C5ED mov eax, dword ptr fs:[00000030h]2_2_0101C5ED
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01018402 mov eax, dword ptr fs:[00000030h]2_2_01018402
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01018402 mov eax, dword ptr fs:[00000030h]2_2_01018402
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01018402 mov eax, dword ptr fs:[00000030h]2_2_01018402
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE25E0 mov eax, dword ptr fs:[00000030h]2_2_00FE25E0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_01066420 mov eax, dword ptr fs:[00000030h]2_2_01066420
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE65D0 mov eax, dword ptr fs:[00000030h]2_2_00FE65D0
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101A430 mov eax, dword ptr fs:[00000030h]2_2_0101A430
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0101E443 mov eax, dword ptr fs:[00000030h]2_2_0101E443
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100245A mov eax, dword ptr fs:[00000030h]2_2_0100245A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0109A456 mov eax, dword ptr fs:[00000030h]2_2_0109A456
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0106C460 mov ecx, dword ptr fs:[00000030h]2_2_0106C460
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100A470 mov eax, dword ptr fs:[00000030h]2_2_0100A470
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100A470 mov eax, dword ptr fs:[00000030h]2_2_0100A470
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_0100A470 mov eax, dword ptr fs:[00000030h]2_2_0100A470
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE2582 mov eax, dword ptr fs:[00000030h]2_2_00FE2582
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeCode function: 2_2_00FE2582 mov ecx, dword ptr fs:[00000030h]2_2_00FE2582
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Memory written: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Process created: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe "C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe"
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match, File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.3FG4bsfkEwmxFYY.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 3 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 51 Virtualization/Sandbox Evasion | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 32 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Source | Detection | Scanner | Label | Link
            3FG4bsfkEwmxFYY.exe | 39% | ReversingLabs | Win32.Trojan.Generic |
            3FG4bsfkEwmxFYY.exe | 35% | Virustotal | | Browse
            3FG4bsfkEwmxFYY.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high

            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                No contacted IP infos
                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1580314
                                                                Start date and time:2024-12-24 09:12:06 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 6m 25s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:7
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:3FG4bsfkEwmxFYY.exe
                                                                Detection:MAL
                                                                Classification:mal80.troj.evad.winEXE@3/1@0/0
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 93%
                                                                • Number of executed functions: 93
                                                                • Number of non-executed functions: 275
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.245.163.56, 52.165.164.15, 40.69.42.241, 23.218.208.109, 13.107.246.63
                                                                • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                • Not all processes were analyzed, report is missing behavior information
                                                                Time | Type | Description
                                                                03:13:04 | API Interceptor | 4x Sleep call for process: 3FG4bsfkEwmxFYY.exe modified
                                                                No context
                                                                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                bg.microsoft.map.fastly.net | #U5b89#U88c5#U52a9#U624b1.0.3.exe | Get hash | malicious | Unknown | Browse | 199.232.214.172
                                                                | eCompleted_419z.pdf | Get hash | malicious | Unknown | Browse | 199.232.210.172
                                                                | Onboard Training Checklist v1.1 - Wyatt Young (1).xlsx | Get hash | malicious | Unknown | Browse | 199.232.214.172
                                                                | 94e.exe | Get hash | malicious | Remcos | Browse | 199.232.214.172
                                                                | https://liladelman.com/rental/1218-west-side-road-block-island/ | Get hash | malicious | Unknown | Browse | 199.232.210.172
                                                                | 7q551ugrWe.exe | Get hash | malicious | UltraVNC | Browse | 199.232.210.172
                                                                | T8xrZb7nBL.exe | Get hash | malicious | UltraVNC | Browse | 199.232.210.172
                                                                | Olz7TmvkEW.exe | Get hash | malicious | UltraVNC | Browse | 199.232.214.172
                                                                | mSRW5AfJpC.exe | Get hash | malicious | UltraVNC | Browse | 199.232.214.172
                                                                | q8b3OisMC4.dll | Get hash | malicious | Unknown | Browse | 199.232.210.172
                                                                Process:C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1216
                                                                Entropy (8bit):5.34331486778365
                                                                Encrypted:false
                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                Malicious:true
                                                                Reputation:high, very likely benign file
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):7.779216280786981
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                File name:3FG4bsfkEwmxFYY.exe
                                                                File size:794'112 bytes
                                                                MD5:a8dadba4e00d4a960fdff63594e6bc11
                                                                SHA1:208d148340f8184cf8b2ad0c02196b9718605ff7
                                                                SHA256:f93805b2899cc7a68369be48f770e2f293410dfea9f0186d4270fedff272a8ce
                                                                SHA512:b6524b176ff7410ad0981732e1a878de695ee2abbb166b241819b8a9c86a14b6cd6c8473e1cae8a7ce2facbf0f67d407eb12c79a3ebbdb1915c7ed0e30a079ad
                                                                SSDEEP:12288:kq0KBfF55OHTDP+dvb2u0Q3Lj08YFhIuHgWYvPJsXzqLIOPmdD:kCFXOPK2uKnHgzPJsWkO
                                                                TLSH:C3F402582905E407C9562AB40A71F3B822744EDEE901E7879FDDBCEFB89AF664C51083
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?.jg.....................4........... ... ....@.. ....................................@................................
                                                                Icon Hash:17b3cecece96d26d
                                                                Entrypoint:0x4c0706
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x676A063F [Tue Dec 24 00:54:23 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                Instruction
                                                                jmp dword ptr [00402000h]
                                                                add byte ptr [eax], al
                                                                Name | Virtual Address | Virtual Size | Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc06ac | 0x57 | .text
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc2000 | 0x30d0 | .rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc6000 | 0xc | .reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                .text | 0x2000 | 0xbe70c | 0xbe800 | 5d5b1a904427cdfd002bd2825157d52e | False | 0.9170062848589239 | data | 7.785065831548723 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rsrc | 0xc2000 | 0x30d0 | 0x3200 | b3506a2f5aa39b4f07360703f8f749d5 | False | 0.901640625 | data | 7.50153750357473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .reloc | 0xc6000 | 0xc | 0x200 | e8d02a664b49d719f1f81ff89d5fa62f | False | 0.041015625 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                RT_ICON | 0xc20e8 | 0x2ccf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.965129456891291
                                                                RT_GROUP_ICON | 0xc4db8 | 0x14 | data | | | 1.05
                                                                RT_VERSION | 0xc4dcc | 0x304 | data | | | 0.4365284974093264
                                                                DLL | Import
                                                                mscoree.dll | _CorExeMain
                                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                Dec 24, 2024 09:13:21.324023962 CET | 1.1.1.1 | 192.168.2.4 | 0x6540 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                Dec 24, 2024 09:13:21.324023962 CET | 1.1.1.1 | 192.168.2.4 | 0x6540 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false


                                                                Target ID:0
                                                                Start time:03:13:02
                                                                Start date:24/12/2024
                                                                Path:C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe"
                                                                Imagebase:0x1e0000
                                                                File size:794'112 bytes
                                                                MD5 hash:A8DADBA4E00D4A960FDFF63594E6BC11
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:2
                                                                Start time:03:13:04
                                                                Start date:24/12/2024
                                                                Path:C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\3FG4bsfkEwmxFYY.exe"
                                                                Imagebase:0x460000
                                                                File size:794'112 bytes
                                                                MD5 hash:A8DADBA4E00D4A960FDFF63594E6BC11
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2217986683.0000000000A90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:true

                                                                  Execution Graph

                                                                  Execution Coverage:10.1%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:1.1%
                                                                  Total number of Nodes:283
                                                                  Total number of Limit Nodes:20

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748917523.0000000008660000.00000040.00000800.00020000.00000000.sdmp, Offset: 08660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_8660000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                                                                  • API String ID: 0-1677660839
                                                                  • Opcode ID: 449a90e24af2ea1ac91b1c4648ae54ec9d8836bbfa91ad7dadec9506de8774bd
                                                                  • Instruction ID: d5604fd6c464d352c44a09955c1feabc01bb123aeb50308259457e1bbb6be22c
                                                                  • Opcode Fuzzy Hash: 449a90e24af2ea1ac91b1c4648ae54ec9d8836bbfa91ad7dadec9506de8774bd
                                                                  • Instruction Fuzzy Hash: 7642AD30E00258CFDB54DFB8C8907AEBBF2BF84311F1585AAD509AB395DA309D56CB91

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q$\s^q
                                                                  • API String ID: 0-2586804783
                                                                  • Opcode ID: 11ba49ef4ad8edf37b8664a3a3886b39fbdcffb161e8da69d7749173d99ccdba
                                                                  • Instruction ID: b871e03446247e7a530d9460bd644419416402f5843c7a95af8dc09c2f35aa70
                                                                  • Opcode Fuzzy Hash: 11ba49ef4ad8edf37b8664a3a3886b39fbdcffb161e8da69d7749173d99ccdba
                                                                  • Instruction Fuzzy Hash: 37D17A34A116268FDB14DF79D894AAEB7F2BFC8305F119568D406EB365DB30A906CF80
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: \s^q
                                                                  • API String ID: 0-4111632511
                                                                  • Opcode ID: 19bd3b3d1bf71ba5aadf0f56632cec98cfde4c0d7e9f9ffe2aff069109eb3f8c
                                                                  • Instruction ID: 5488f49dc27fe84450a83c699d30f1f3d41068dcb382fa4ce66ae303c09ce0cd
                                                                  • Opcode Fuzzy Hash: 19bd3b3d1bf71ba5aadf0f56632cec98cfde4c0d7e9f9ffe2aff069109eb3f8c
                                                                  • Instruction Fuzzy Hash: C0710878D4011E9FDF14CFA9D984AAEBBB1BF88311F20A659D402EB3A4DB319945CF10
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dbb01efef05b2726a067c2658512d3fd2692cc03f2e486ab912f29dfc810247e
                                                                  • Instruction ID: 521829a1e2aeac2492a4a9223273dc0796f0e1b0f6416b368263938f8e9f4f02
                                                                  • Opcode Fuzzy Hash: dbb01efef05b2726a067c2658512d3fd2692cc03f2e486ab912f29dfc810247e
                                                                  • Instruction Fuzzy Hash: 3AF15C71E0052A8FCB14DFA9C980AAEFBB2FF88301F188569D455EB345D735A946CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748917523.0000000008660000.00000040.00000800.00020000.00000000.sdmp, Offset: 08660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_8660000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f4aed839ed3d69b478286d1ee05387ee510f31a33e5deb0f9af13787acaf9e92
                                                                  • Instruction ID: fb4f5e5c97411375c9847fcc2ef8a839e6aaed9f2da79664385a27ae3e2c934c
                                                                  • Opcode Fuzzy Hash: f4aed839ed3d69b478286d1ee05387ee510f31a33e5deb0f9af13787acaf9e92
                                                                  • Instruction Fuzzy Hash: 82C15A34E00298CFCF15CFA5C890799BBB2AF88325F15C5A9D449AB355DB30E996CF50

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: "$8bq$8bq$LR^q$LR^q$LR^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                  • API String ID: 0-2864199233
                                                                  • Opcode ID: c61f10504a9b4465733f7357fd846b06d7bfe687d8568b5c5d336b9a0b87d54c
                                                                  • Instruction ID: fc41671cd7b96e97e60b2d60732426f5034cfa2054aebb7dbc3753fad3c38c9d
                                                                  • Opcode Fuzzy Hash: c61f10504a9b4465733f7357fd846b06d7bfe687d8568b5c5d336b9a0b87d54c
                                                                  • Instruction Fuzzy Hash: 1C31F6B0B002049FD7948B6998146BA7BF2FBC9705F1490BAD146CB39ADBB5C809C791

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32 ref: 00A2DBD6
                                                                  • GetCurrentThread.KERNEL32 ref: 00A2DC13
                                                                  • GetCurrentProcess.KERNEL32 ref: 00A2DC50
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00A2DCA9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: Current$ProcessThread
                                                                  • String ID:
                                                                  • API String ID: 2063062207-0
                                                                  • Opcode ID: b1912946bdfaedbb8503d9266c70e2f9d8a8eab97d1fde3b4242264aeb3194a0
                                                                  • Instruction ID: 927f748b85328ef5b7a2bca30f62799076a051b958d166b402442a18e006fb8c
                                                                  • Opcode Fuzzy Hash: b1912946bdfaedbb8503d9266c70e2f9d8a8eab97d1fde3b4242264aeb3194a0
                                                                  • Instruction Fuzzy Hash: 4D5156B0900719CFDB04DFA9D548BDEBBF1FB88304F208469E419A7261C7749984CF69

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q$$^q$$^q$$^q
                                                                  • API String ID: 0-2876625903

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q$$^q$$^q
                                                                  • API String ID: 0-3333519130

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8bq$8bq
                                                                  • API String ID: 0-1276831224

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $^q$$^q
                                                                  • API String ID: 0-355816377

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06FF17A6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06FF17A6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4'^q
                                                                  • API String ID: 0-1614139903
                                                                  APIs
                                                                  • CreateActCtxA.KERNEL32(?), ref: 00A259A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0
                                                                  APIs
                                                                  • CreateActCtxA.KERNEL32(?), ref: 00A259A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748917523.0000000008660000.00000040.00000800.00020000.00000000.sdmp, Offset: 08660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_8660000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFromIconResource
                                                                  • String ID:
                                                                  • API String ID: 3668623891-0
                                                                  APIs
                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06FF1378
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  APIs
                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0262693D,?,?), ref: 026269EF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: DrawText
                                                                  • String ID:
                                                                  • API String ID: 2175133113-0
                                                                  APIs
                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0262693D,?,?), ref: 026269EF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: DrawText
                                                                  • String ID:
                                                                  • API String ID: 2175133113-0
                                                                  APIs
                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06FF1378
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  APIs
                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06FF1458
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06FF11CE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  APIs
                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06FF1458
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06FF11CE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A2DE27
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06FF1296
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,08668AEA,?,?,?,?,?), ref: 08668B8F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748917523.0000000008660000.00000040.00000800.00020000.00000000.sdmp, Offset: 08660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_8660000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFromIconResource
                                                                  • String ID:
                                                                  • API String ID: 3668623891-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06FF1296
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  APIs
                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06FF37ED
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  APIs
                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06FF37ED
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00A2BB26
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %*&/)(#$^@!~-_
                                                                  • API String ID: 0-3325533558
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %*&/)(#$^@!~-_
                                                                  • API String ID: 0-3325533558
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Te^q
                                                                  • API String ID: 0-671973202
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Te^q
                                                                  • API String ID: 0-671973202
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Te^q
                                                                  • API String ID: 0-671973202
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Te^q
                                                                  • API String ID: 0-671973202
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Te^q
                                                                  • API String ID: 0-671973202
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fc98c04c15c439e2b6d074a85981cba331e4a4b97eb63140ef9c44fd0bf56b5a
                                                                  • Instruction ID: b3f5d9a2a5978c60414cd5718300191ac76a8897aea06316d1db166ae42164a2
                                                                  • Opcode Fuzzy Hash: fc98c04c15c439e2b6d074a85981cba331e4a4b97eb63140ef9c44fd0bf56b5a
                                                                  • Instruction Fuzzy Hash: 91313871D093908FC7165B759C9817D7FF2EF4A20270984D7E582CB2AADB788C45C761
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4d076f1fc066c4bf95aa52a0ed535fbdaf9958d93fb65c96766bb259d60127e1
                                                                  • Instruction ID: b3ae1558a9b796f0ed3f824a74db71d85b8427b2426e2286d1652e031a32177a
                                                                  • Opcode Fuzzy Hash: 4d076f1fc066c4bf95aa52a0ed535fbdaf9958d93fb65c96766bb259d60127e1
                                                                  • Instruction Fuzzy Hash: EF3147B29002489FCB54DFA9D884ADEBFF5EF48310F14846AE819A7350D775A950CFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 871352f8273ec46a1e8efb7d5849252a77ca4ae9004fc622aa9ba0d67bd07cdc
                                                                  • Instruction ID: 717fea89508b7c6128a01049dc7c307350a6e84451748164c32518af2e6fc43d
                                                                  • Opcode Fuzzy Hash: 871352f8273ec46a1e8efb7d5849252a77ca4ae9004fc622aa9ba0d67bd07cdc
                                                                  • Instruction Fuzzy Hash: F431F5B090A214CFDB50EF69D4847EDBBB6FB4A340F15A4D5D609A7202C7B09984CF55
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c8cf3f2600cee518c1997c08a531fe9118c4e2bb921b5b7c35588131fa257d5
                                                                  • Instruction ID: f0d6c16c11eebda44b62960bf6aa0fc4fd5b4543e5317bc690ae109f98f4fe13
                                                                  • Opcode Fuzzy Hash: 6c8cf3f2600cee518c1997c08a531fe9118c4e2bb921b5b7c35588131fa257d5
                                                                  • Instruction Fuzzy Hash: 09219C71E04210CFC7146F7AE89857E7BE6FF8924270484A6E912CB399DB789C55CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744334229.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_85d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 38513a384b7f1c7a1092e21ca9941d33a1377b6bd0603147b24e3bd65979d693
                                                                  • Instruction ID: 6092bf2355ceb025a1dd2d6542b901deb6f48b6b133c6a25e27dc9d7835e108d
                                                                  • Opcode Fuzzy Hash: 38513a384b7f1c7a1092e21ca9941d33a1377b6bd0603147b24e3bd65979d693
                                                                  • Instruction Fuzzy Hash: B7212271500344DFCB25DF14D9C0B2ABF65FB98319F20C5A9EC098B256D336D85ACAA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744364111.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_86d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c308f4b1b8d18a0b93b24387e1d2f5b5f0a0a68d7c5c9ac94a93ccf7b65aced2
                                                                  • Instruction ID: 07e860a0a931c65f9e37f0241d8aa16c9c7db3c3cb6a0689dc755512873ef231
                                                                  • Opcode Fuzzy Hash: c308f4b1b8d18a0b93b24387e1d2f5b5f0a0a68d7c5c9ac94a93ccf7b65aced2
                                                                  • Instruction Fuzzy Hash: E121F571A04304DFDB05DF14D5D0B26BBA5FB84318F24C56DD9098B355C336E846CA61
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744364111.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_86d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7ac24589dab9b11cd76499602b80b4aab9285c82264eae8dc2ee0706567e8aea
                                                                  • Instruction ID: 1b2a13a3f700ab0a114fe195afc360b0aa465e9fcf4a18522a0376f5526931fe
                                                                  • Opcode Fuzzy Hash: 7ac24589dab9b11cd76499602b80b4aab9285c82264eae8dc2ee0706567e8aea
                                                                  • Instruction Fuzzy Hash: 6D21F575A04744DFCB14DF14D584B26BB65FB84318F24C569D8098B256C33BD847CA62
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53d8d724602d54e7932d8e18ad129a0b13e8356f43392c85d3d5628d1220f61e
                                                                  • Instruction ID: 7ed3185d9e43747796ade35c11ce888ebd8e9aa5bcab5109e32c67a85f6d2cb0
                                                                  • Opcode Fuzzy Hash: 53d8d724602d54e7932d8e18ad129a0b13e8356f43392c85d3d5628d1220f61e
                                                                  • Instruction Fuzzy Hash: 7021B1726140198BEBA48E6DDC12BFAB7B5FB48310F0065A7B452C71A0F2B8CD519791
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f3b1dbcd011a3b75de7c4a3c79d0d799f027eee32b8325f6028c32431afdf8f
                                                                  • Instruction ID: 44e51d6e0fbfedb796043149e42b2eaf922f5d32c44e1e5be13dbe0b90a53387
                                                                  • Opcode Fuzzy Hash: 2f3b1dbcd011a3b75de7c4a3c79d0d799f027eee32b8325f6028c32431afdf8f
                                                                  • Instruction Fuzzy Hash: C92105B0F402049FD7584A2A9C087BA3692EBC5B11F50A4B9E1029F391DEB1CC40CBD1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 82e91c8999f4ed98616824facbf3287b250ed2fbb5e2d757957e3407f3f09b9a
                                                                  • Instruction ID: 02e96fa1c68fe4e0dd41111b02f3eb13237a1a1e8fa2aada0effa7132aba290f
                                                                  • Opcode Fuzzy Hash: 82e91c8999f4ed98616824facbf3287b250ed2fbb5e2d757957e3407f3f09b9a
                                                                  • Instruction Fuzzy Hash: E611D3B0F402009FE7544A169C05BF973A2EBC5B12F95A0F5E1066F290CEB5C841C7C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 091baad1f0f03bb22d5909399e1ae2e97d27b1945932259ec08b0fea098eb7f9
                                                                  • Instruction ID: 0cff946de9a6f62c69fd45eb2d7dcbdf523b96a6565aff583d85ab56f6aa950b
                                                                  • Opcode Fuzzy Hash: 091baad1f0f03bb22d5909399e1ae2e97d27b1945932259ec08b0fea098eb7f9
                                                                  • Instruction Fuzzy Hash: 7521D2F2D05525CBEBA0CBAAC8002FEF3F4FF00705F08A556E15296290D3B4D551CB96
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bb478f8a699a57c0ed91600bd626aab9024ff281236ed70d88f28ec35001ea65
                                                                  • Instruction ID: 177e4bceab1c48ca96dcb2db7a9de062a8dbe15bb8757d3fafe97c893a9719c5
                                                                  • Opcode Fuzzy Hash: bb478f8a699a57c0ed91600bd626aab9024ff281236ed70d88f28ec35001ea65
                                                                  • Instruction Fuzzy Hash: 5221D2F1804525CBEBA0CBAAC9002FEF3F4FF00B05F08A696E55695290C3B8D551CB96
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3e8b71a421fc2cc673d967486e0a3fae7c14284b58ba9ecc34d5ba6c8dd4a8e7
                                                                  • Instruction ID: f5a24dce5c16e32e3f49245bc5a64e4b309bf7cd1905cff3564af099e0a706c9
                                                                  • Opcode Fuzzy Hash: 3e8b71a421fc2cc673d967486e0a3fae7c14284b58ba9ecc34d5ba6c8dd4a8e7
                                                                  • Instruction Fuzzy Hash: 2B21F2B69002499FCB60CF9AD984ADEBFF4EB48310F108459E919A7251C375A954CFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744334229.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_85d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                  • Instruction ID: 59d387b45d2e6dd009a24d0440a8ae53415bdf0d49e8df839ec36c1470b812eb
                                                                  • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                  • Instruction Fuzzy Hash: 0111AF76504280CFCB16CF14D5C4B16BF72FB94318F24C6A9DC494B656C336D85ACBA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf9738e539b0bc3a1bb0f75c8b7ef6455f8bfd070690d21947a28080e765d21a
                                                                  • Instruction ID: 940190714657bc9e0fb07f3e06a7bbd349ff7f761533f614418c9ea322c03920
                                                                  • Opcode Fuzzy Hash: bf9738e539b0bc3a1bb0f75c8b7ef6455f8bfd070690d21947a28080e765d21a
                                                                  • Instruction Fuzzy Hash: 66112BB0D056588BEB18CF6BD8046DEFEF7AFC9300F14C4AAD409A6264DA740A468F90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744364111.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_86d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                  • Instruction ID: a06d5106fe836e7a02a9a57f24e364fd5c1bf2f361d96458a5cd7e03b3d16fdc
                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                  • Instruction Fuzzy Hash: D0118E75A04780DFDB15CF14D5C4B15BB62FB84314F24C6AAD8498B656C33AD84ACB62
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744364111.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_86d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                  • Instruction ID: 7949f247dc39ebdb4d1bf9f3229a1530ebe9a7e328a1bcfc627a06fc489f5c4c
                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                  • Instruction Fuzzy Hash: 12118E75A04340DFDB15CF14D5D4B15BB61FB84314F28C6A9D8498B756C33AE84ACB51
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7a16415b464ddee24ef6280a1f7e2507087b60481b621333d598389586615225
                                                                  • Instruction ID: f67416dbd8f53ea6949ba0cebe99a3edc47280248dcc66a37fe060c06b524dfa
                                                                  • Opcode Fuzzy Hash: 7a16415b464ddee24ef6280a1f7e2507087b60481b621333d598389586615225
                                                                  • Instruction Fuzzy Hash: 0F11A5B1D016188BEB58CF6BD9447EEFAF7AFC8310F14D4BA940966264DA740A468F90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744334229.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_85d000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1ee47bd6a63e7ab8764cac0a55fef7bd2ba3abf087165b71874112d77a4a5420
                                                                  • Instruction ID: b6de5b9cb39f43815badb5245759fc000bfcd51377c93cb38370108c521c8205
                                                                  • Opcode Fuzzy Hash: 1ee47bd6a63e7ab8764cac0a55fef7bd2ba3abf087165b71874112d77a4a5420
                                                                  • Instruction Fuzzy Hash: 2E012B310083449AE7308F25CDC4B67BF9CFF49325F18C52AED098E286D239D849C671
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode Fuzzy Hash: 19139b68316d2f9a4b94bb3ea6b2a55cc726d2e60ad3d392f0497279c9c056a5
                                                                  • Instruction Fuzzy Hash: BAD11731C1075A8ACB01EBA4D990A9DF771FF95304F20C79AD4097B255EFB0AAD8CB81
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2d7a79fa8e094b25c25959662a2e7c12c4643340f4187390f2a0ec1ab320eef8
                                                                  • Instruction ID: 66a822affabc7612f12e40059d39e212c4d4c5c94a2d0dbb41c2fde3ab12cabd
                                                                  • Opcode Fuzzy Hash: 2d7a79fa8e094b25c25959662a2e7c12c4643340f4187390f2a0ec1ab320eef8
                                                                  • Instruction Fuzzy Hash: 60D11731C1075A8ACB01EBA4D990A9DF771FF95304F20C79AD4097B255EF70AAD8CB81
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1744581082.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a20000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fea2252efb221c414c5aec9027acdb5685ef77431b836b67e7169f097b70be6
                                                                  • Instruction ID: 97582931c377f08be72ab8ef352fd5445b80a02268e57660978dd0b9a0a0e1a6
                                                                  • Opcode Fuzzy Hash: 9fea2252efb221c414c5aec9027acdb5685ef77431b836b67e7169f097b70be6
                                                                  • Instruction Fuzzy Hash: CCA16E36E002258FCF09DFB9D98059EB7B2FF84304B15857AE805AB265DB71E955CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9f4de915ce3e959ea29eb7e23d9bdd6491f5a4623b61e9cb9e5188c1e3c23805
                                                                  • Instruction ID: 848e4945a27c77e59e2fb8e5806b064faae9579585c56eb46bed23bff556d891
                                                                  • Opcode Fuzzy Hash: 9f4de915ce3e959ea29eb7e23d9bdd6491f5a4623b61e9cb9e5188c1e3c23805
                                                                  • Instruction Fuzzy Hash: A4817C32F105258FD714DB69D884A5EB7E3AFC8714F1A8168E40AEB365DF75EC058B80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f2f91ac4eb6d040431788cfa970c6be58b1336f3166119fa35f3e53ad1df1a70
                                                                  • Instruction ID: 50e160addd67398c117c9181428ca2cdd1bce63c8dfb14bb7aff13f5a48b4e99
                                                                  • Opcode Fuzzy Hash: f2f91ac4eb6d040431788cfa970c6be58b1336f3166119fa35f3e53ad1df1a70
                                                                  • Instruction Fuzzy Hash: 52613B32F105258FD714DB69C884A5EB7E3AFC8714F1A8164E40AEB365DE74EC058B80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4c36cd4756b6c446fd54ecc96f2d8defaecffcebf55e09b6a34e801d14756407
                                                                  • Instruction ID: c06e05a06e94f83a503026ab892e2a1355fe46bfbdd8daa083293ac1d68f241d
                                                                  • Opcode Fuzzy Hash: 4c36cd4756b6c446fd54ecc96f2d8defaecffcebf55e09b6a34e801d14756407
                                                                  • Instruction Fuzzy Hash: 37618C70E002598FCB15CF69C9905AEBBF2FF89304F24C1AAD408AB216DB349D41CF61
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748619529.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d0961aa18bbf7dbb898709cc2fa7c78335262140ab618afe33676dc18d80d1f3
                                                                  • Instruction ID: b1866dfdfbe762aef0a586c6928c334c106d75c71da88598f38aa233a7a32e09
                                                                  • Opcode Fuzzy Hash: d0961aa18bbf7dbb898709cc2fa7c78335262140ab618afe33676dc18d80d1f3
                                                                  • Instruction Fuzzy Hash: 0A511CB4E102198FDB14CFA9C9905AEFBF2BF89304F24C169D418A7356DB319941CFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1745334249.0000000002620000.00000040.00000800.00020000.00000000.sdmp, Offset: 02620000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2620000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2fd0e2ab1cbccb3c058e93e3636a302992901687526adba2057169f5ea9cdc7f
                                                                  • Instruction ID: 9ab37aada91c66465d3fe70fa323ad7b347802dadb5f1cb0e4d3a815247d9992
                                                                  • Opcode Fuzzy Hash: 2fd0e2ab1cbccb3c058e93e3636a302992901687526adba2057169f5ea9cdc7f
                                                                  • Instruction Fuzzy Hash: 6631FB03CA0D2A87DB8054D258A12C62382D77B13CF2AA764D62C377E2F99D8D87C685
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1748200692.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6bb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LR^q$LR^q$$^q$$^q$$^q
                                                                  • API String ID: 0-1346149845
                                                                  • Opcode ID: 82c9ecfb056de5777ffecd9b2c5bb7b47bee4b2d35da6a2c3f63e4e584919f92
                                                                  • Instruction ID: ac0f8fb05a35d9361616b91a54974486f681efa259a9e20185b6e14ed8e7f502
                                                                  • Opcode Fuzzy Hash: 82c9ecfb056de5777ffecd9b2c5bb7b47bee4b2d35da6a2c3f63e4e584919f92
                                                                  • Instruction Fuzzy Hash: 85B129B1E00128CFDB58CF98D580AFDB7F2FB48300F299596E906AB255D7749C81CB92

                                                                  Execution Graph

                                                                  Execution Coverage:0.8%
                                                                  Dynamic/Decrypted Code Coverage:6.8%
                                                                  Signature Coverage:10.7%
                                                                  Total number of Nodes:103
                                                                  Total number of Limit Nodes:8

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 96 417eb3-417ecf 97 417ed7-417edc 96->97 98 417ed2 call 42f933 96->98 99 417ee2-417ef0 call 42ff33 97->99 100 417ede-417ee1 97->100 98->97 103 417f00-417f11 call 42e3d3 99->103 104 417ef2-417efd call 4301d3 99->104 109 417f13-417f27 LdrLoadDll 103->109 110 417f2a-417f2d 103->110 104->103 109->110
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417F25
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_3FG4bsfkEwmxFYY.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: 54fb147e668d09699b38c2b31a46252e66a45ffa0a78401e78df278bd00db131
                                                                  • Instruction ID: 74b1a67ad7a1e6c5496c2b823323dd79b328b320fcbdb6ab911308b9a49c7e9b
                                                                  • Opcode Fuzzy Hash: 54fb147e668d09699b38c2b31a46252e66a45ffa0a78401e78df278bd00db131
                                                                  • Instruction Fuzzy Hash: 65011EB5E4020DABDF10DAA5DC42FDEB3B8AB54308F0041AAED0897241F675EB598B95

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 121 42ccc3-42ccfc call 404b43 call 42ded3 NtClose
                                                                  APIs
                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCF7
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_3FG4bsfkEwmxFYY.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  • Opcode ID: 6ccdd4b3c537907601f230bce43c5b9176195eb5b89fb8544d878d0038bffd2d
                                                                  • Instruction ID: 7dd1565d8f3dbc3bc04d904a055674cb4cb7d7fe92152ebc39fafefd714ea547
                                                                  • Opcode Fuzzy Hash: 6ccdd4b3c537907601f230bce43c5b9176195eb5b89fb8544d878d0038bffd2d
                                                                  • Instruction Fuzzy Hash: A8E04F316006147BE610AA6ADC41FD7776CDFC5714F408419FA08A7181C670B91187F4

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 135 1022b60-1022b6c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 1f62efa9b9cbba44a136b5f50d7abc1a85674faafdddbf3a2ffbac3301378560
                                                                  • Instruction ID: cc88e656ca63e523141e2f60e75dc7170723d5a865119ed48ccdf773464f49a8
                                                                  • Opcode Fuzzy Hash: 1f62efa9b9cbba44a136b5f50d7abc1a85674faafdddbf3a2ffbac3301378560
                                                                  • Instruction Fuzzy Hash: 8590026120280003510571588414616401E97E0201B55C162F1418590DC52589927225

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 137 1022df0-1022dfc LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: c86dee6c68fbfd4b228d4842a968a70d7380e559e2074e6bd2ac922e68a3cbc4
                                                                  • Instruction ID: f4bf65beb5276a6559fbbdc01e3a5af35e5b4ea5709409326936319f78686d7d
                                                                  • Opcode Fuzzy Hash: c86dee6c68fbfd4b228d4842a968a70d7380e559e2074e6bd2ac922e68a3cbc4
                                                                  • Instruction Fuzzy Hash: 8790023120180413E11171588504707001D97D0241F95C553B0828558DD6568A53B221

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 136 1022c70-1022c7c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: f0c28cf5c6928d7e84b8cf99175084e18d1bfdae93897beb3b7b242470beb994
                                                                  • Instruction ID: 72ff88da6cb9ee299355fdf36825d6d36ebbdbeaad8fd9c7f72827049d479778
                                                                  • Opcode Fuzzy Hash: f0c28cf5c6928d7e84b8cf99175084e18d1bfdae93897beb3b7b242470beb994
                                                                  • Instruction Fuzzy Hash: 8090023120188802E1107158C40474A001997D0301F59C552B4828658DC69589927221

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 138 10235c0-10235cc LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: f6bc83b15daa1cb5b364796d2984b76606856db6a772b2a2ec2520a9bbf17010
                                                                  • Instruction ID: 31423587124eaa862d86048d560ddacb62efffba1a6d8b3b27adb251a9e3b184
                                                                  • Opcode Fuzzy Hash: f6bc83b15daa1cb5b364796d2984b76606856db6a772b2a2ec2520a9bbf17010
                                                                  • Instruction Fuzzy Hash: 1990023160590402E10071588514706101997D0201F65C552B0828568DC7958A5276A2

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 116 42d023-42d067 call 404b43 call 42ded3 RtlFreeHeap
                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,4E8B0446,00000007,00000000,00000004,00000000,00417735,000000F4), ref: 0042D062
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_3FG4bsfkEwmxFYY.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID:
                                                                  • API String ID: 3298025750-0
                                                                  • Opcode ID: e3bcd0732160e3b6f71be127c7a65e4ca80d18ba13c7f5289b9116d8d7022430
                                                                  • Instruction ID: b1f67ff1680508f6b48a13b8e8d45400879f8c202f5ac700e6df5a6440d7a715
                                                                  • Opcode Fuzzy Hash: e3bcd0732160e3b6f71be127c7a65e4ca80d18ba13c7f5289b9116d8d7022430
                                                                  • Instruction Fuzzy Hash: B9E06D72604204BBD610EE59EC41F9B77ACDFC5714F004419FA08AB242D770B91086B8

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 111 42cfd3-42d014 call 404b43 call 42ded3 RtlAllocateHeap
                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(?,0041EC5B,?,?,00000000,?,0041EC5B,?,?,?), ref: 0042D00F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_3FG4bsfkEwmxFYY.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  control_flow_graph 126 42d073-42d0af call 404b43 call 42ded3 ExitProcess
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2217616063.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_3FG4bsfkEwmxFYY.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  control_flow_graph 131 1022c0a-1022c0f 132 1022c11-1022c18 131->132 133 1022c1f-1022c26 LdrInitializeThunk 131->133
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  Strings
                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 01098E02
                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01098DB5
                                                                  • The resource is owned exclusively by thread %p, xrefs: 01098E24
                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01098F2D
                                                                  • an invalid address, %p, xrefs: 01098F7F
                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 01098F3F
                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01098DD3
                                                                  • *** enter .cxr %p for the context, xrefs: 01098FBD
                                                                  • *** enter .exr %p for the exception record, xrefs: 01098FA1
                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01098DA3
                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01098F34
                                                                  • *** Inpage error in %ws:%s, xrefs: 01098EC8
                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01098E86
                                                                  • write to, xrefs: 01098F56
                                                                  • The resource is owned shared by %d threads, xrefs: 01098E2E
                                                                  • <unknown>, xrefs: 01098D2E, 01098D81, 01098E00, 01098E49, 01098EC7, 01098F3E
                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01098D8C
                                                                  • *** then kb to get the faulting stack, xrefs: 01098FCC
                                                                  • Go determine why that thread has not released the critical section., xrefs: 01098E75
                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01098E3F
                                                                  • read from, xrefs: 01098F5D, 01098F62
                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01098DC4
                                                                  • The instruction at %p referenced memory at %p., xrefs: 01098EE2
                                                                  • The critical section is owned by thread %p., xrefs: 01098E69
                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01098E4B
                                                                  • The instruction at %p tried to %s , xrefs: 01098F66
                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01098FEF
                                                                  • This failed because of error %Ix., xrefs: 01098EF6
                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01098F26
                                                                  • a NULL pointer, xrefs: 01098F90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • Invalid debug info address of this critical section, xrefs: 010554B6
                                                                  • Critical section address., xrefs: 01055502
                                                                  • double initialized or corrupted critical section, xrefs: 01055508
                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01055543
                                                                  • Critical section address, xrefs: 01055425, 010554BC, 01055534
                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0105540A, 01055496, 01055519
                                                                  • 8, xrefs: 010552E3
                                                                  • Critical section debug info address, xrefs: 0105541F, 0105552E
                                                                  • undeleted critical section in freed memory, xrefs: 0105542B
                                                                  • Address of the debug info found in the active list., xrefs: 010554AE, 010554FA
                                                                  • corrupted critical section, xrefs: 010554C2
                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010554E2
                                                                  • Thread identifier, xrefs: 0105553A
                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010554CE
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                  Strings
                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01052409
                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01052412
                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01052602
                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010525EB
                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01052498
                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01052624
                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010522E4
                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0105261F
                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010524C0
                                                                  • @, xrefs: 0105259B
                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01052506
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                  Strings
                                                                  • HandleTraces, xrefs: 01068C8F
                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01068B8F
                                                                  • VerifierDlls, xrefs: 01068CBD
                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01068A67
                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01068A3D
                                                                  • VerifierDebug, xrefs: 01068CA5
                                                                  • VerifierFlags, xrefs: 01068C50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • LdrpInitShimEngine, xrefs: 010399F4, 01039A07, 01039A30
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01039A11, 01039A3A
                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010399ED
                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01039A01
                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01039A2A
                                                                  • apphelp.dll, xrefs: 00FD6496
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0105219F
                                                                  • SXS: %s() passed the empty activation context, xrefs: 01052165
                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01052160, 0105219A, 010521BA
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01052180
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010521BF
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01052178
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                  Strings
                                                                  • LdrpInitializeProcess, xrefs: 0101C6C4
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01058181, 010581F5
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0101C6C3
                                                                  • LdrpInitializeImportRedirection, xrefs: 01058177, 010581EB
                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 010581E5
                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01058170
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                  APIs
                                                                    • Part of subcall function 01022DF0: LdrInitializeThunk.NTDLL ref: 01022DFA
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020BA3
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020BB6
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020D60
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01020D74
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                  • String ID:
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                  Strings
                                                                  • LdrpInitializeProcess, xrefs: 01018422
                                                                  • @, xrefs: 01018591
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01018421
                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0101855E
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • SXS: %s() passed the empty activation context, xrefs: 010521DE
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010522B6
                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010521D9, 010522B1
                                                                  • .Local, xrefs: 010128D8
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                  Strings
                                                                  • RtlDeactivateActivationContext, xrefs: 01053425, 01053432, 01053451
                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0105342A
                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01053437
                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01053456
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                  Strings
                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0104106B
                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01040FE5
                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01041028
                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010410AE
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                  Strings
                                                                  • LdrpFindDllActivationContext, xrefs: 01053636, 01053662
                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01053640, 0105366C
                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 0105365C
                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0105362F
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0104A9A2
                                                                  • LdrpDynamicShimModule, xrefs: 0104A998
                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0104A992
                                                                  • apphelp.dll, xrefs: 01002462
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • HEAP[%wZ]: , xrefs: 00FF3255
                                                                  • HEAP: , xrefs: 00FF3264
                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00FF327D
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $@
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0104A121
                                                                  • LdrpCheckModule, xrefs: 0104A117
                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0104A10F
                                                                  • API ID:
                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-161242083
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-1334570610
                                                                  Strings
                                                                  • InstallLanguageFallback, xrefs: 00FDCD7F
                                                                  • @, xrefs: 00FDCD63
                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00FDCD34
                                                                  • API ID:
                                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                  • API String ID: 0-1757540487
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010582E8
                                                                  • Failed to reallocate the system dirs string !, xrefs: 010582D7
                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 010582DE
                                                                  • API ID:
                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-1783798831
                                                                  Strings
                                                                  • PreferredUILanguages, xrefs: 0109C212
                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0109C1C5
                                                                  • @, xrefs: 0109C1F1
                                                                  • API ID:
                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                  • API String ID: 0-2968386058
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                  • API String ID: 0-1373925480
                                                                  Strings
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01064899
                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01064888
                                                                  • LdrpCheckRedirection, xrefs: 0106488F
                                                                  • API ID:
                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                  • API String ID: 0-3154609507
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-2558761708
                                                                  Strings
                                                                  • LdrpInitializationFailure, xrefs: 010620FA
                                                                  • Process initialization failed with status 0x%08lx, xrefs: 010620F3
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01062104
                                                                  • API ID:
                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-2986994758
                                                                  APIs
                                                                  Strings
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: #%u
                                                                  • API String ID: 48624451-232158463
                                                                  Strings
                                                                  • LdrResSearchResource Enter, xrefs: 00FEAA13
                                                                  • LdrResSearchResource Exit, xrefs: 00FEAA25
                                                                  • API ID:
                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                  • API String ID: 0-4066393604
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: `$`
                                                                  • API String ID: 0-197956300
                                                                  Strings
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Legacy$UEFI
                                                                  • API String ID: 2994545307-634100481
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: @$MUI
                                                                  • API String ID: 0-17815947
                                                                  Strings
                                                                  • kLsE, xrefs: 00FE0540
                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00FE063D
                                                                  • API ID:
                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                  • API String ID: 0-2547482624
                                                                  Strings
                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 00FEA309
                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 00FEA2FB
                                                                  • API ID:
                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                  • API String ID: 0-2876891731
                                                                  Strings
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Cleanup Group$Threadpool!
                                                                  • API String ID: 2994545307-4008356553
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID: MUI
                                                                  • API String ID: 0-1339004836
                                                                  Strings
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID: 0-3916222277
                                                                  • Opcode ID: 147a10ff1a67c0a1a56304292d3d242684ca21ab870ff6f6388169d8e2e85f46
                                                                  • Instruction ID: be8c0424f6600ecc297bcc0e04b45c7c86d5fd79a454f9e30d0e35f217f92efa
                                                                  • Opcode Fuzzy Hash: 147a10ff1a67c0a1a56304292d3d242684ca21ab870ff6f6388169d8e2e85f46
                                                                  • Instruction Fuzzy Hash: 49916F71A00619AFEB22DF94DD85FEEBBB8EF08B50F104065F640AB191D775AD00CBA0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID: 0-3916222277
                                                                  • Opcode ID: d94198a39e15344a9f073971b73b9676d8f4537605281b57b9be81028610bf72
                                                                  • Instruction ID: 85487442953544071739e39f1c145c438c2d4b2ee7f127ef3bf0d9f3eea7bf0f
                                                                  • Opcode Fuzzy Hash: d94198a39e15344a9f073971b73b9676d8f4537605281b57b9be81028610bf72
                                                                  • Instruction Fuzzy Hash: 1A919E31905619BEDB22ABA4DC84FEFBBB9EF45750F100029F681A7261DB759901CB90
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: GlobalTags
                                                                  • String ID: .mui
                                                                  • String ID: EXT-
                                                                  • String ID: BinaryHash
                                                                  • String ID: #
                                                                  • String ID: BinaryName
                                                                  Strings
                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0106895E
                                                                  • Instruction ID: 702832939e9a4736ed1bebba8a9c98fdd33879662536b051940972568f4708c3
                                                                  • Opcode Fuzzy Hash: ed0755ea3f791cafc1715ef0102190a11c458571e837adf694bb5bf84b242ec3
                                                                  • Instruction Fuzzy Hash: 56A1C1B0B0072ADFDB65CF69C890BAAB7F5FF44314F008169EA8597285DB34E815CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 24d2a993b2b8b4d82b63d20cf46f9873005edc1272ea1d787b81d6af15ff6711
                                                                  • Instruction ID: 87c707f29940d2ac5b35905cb8a603fd7c7e3f4857521f86f4097839a7d307cd
                                                                  • Opcode Fuzzy Hash: 24d2a993b2b8b4d82b63d20cf46f9873005edc1272ea1d787b81d6af15ff6711
                                                                  • Instruction Fuzzy Hash: D0A1BF72A04611AFC711DF18C980BAAB7E9FF48704F450568F686DB662D739EE00CB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dcc94b08e78828a37b12ed7107668ea66a11383b14e9616675b275d9a08c8c85
                                                                  • Instruction ID: b6e3335c3aa4284456efdc5cee773a40db190c345b1fd3c5961ad51314c7035a
                                                                  • Opcode Fuzzy Hash: dcc94b08e78828a37b12ed7107668ea66a11383b14e9616675b275d9a08c8c85
                                                                  • Instruction Fuzzy Hash: 4991C671D00626AFDB15CF58D890BBEBFB9AF48710F154159E690EB341D736DE009BA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5287f592f329e866a6089467f25ed4240714e6f6ef0488d35de4f7652d9266d2
                                                                  • Instruction ID: 8a63a3ac83c984882f8acd186fb33e76555a59c93c2ac8e73e1141e4482ece3e
                                                                  • Opcode Fuzzy Hash: 5287f592f329e866a6089467f25ed4240714e6f6ef0488d35de4f7652d9266d2
                                                                  • Instruction Fuzzy Hash: AC910776A00619CBDB24DB58C880B7EB7A1EF88718F1940B9EE45DB3B1E638DD01E751
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f7ee203d37425883ea31a66e673050c1ca037a692c0464c344b2816125f97510
                                                                  • Instruction ID: ada87a84f3e28985a79973eb3b041d8ad18de47f389259330f713374c64471b4
                                                                  • Opcode Fuzzy Hash: f7ee203d37425883ea31a66e673050c1ca037a692c0464c344b2816125f97510
                                                                  • Instruction Fuzzy Hash: 87819671E00619AFDB18CF69D890ABEBBF9FB88700F04852EE585D7640E735DA41CB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                  • Instruction ID: dada368e76227e49c25e16514aa568965bca3efa9092d9bf27281260da5bde47
                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                  • Instruction Fuzzy Hash: 6B818071B00209DFDF19DF98C880AAEBBF6AF84310F588569D9969B385D734E901CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2bab21986c062ff52b28b6925739f90305a0d51e80fcfc17c351308f26c1cc79
                                                                  • Instruction ID: be67b11fcb25e7f5ff7dfe57bc77d38da0299abc1cd7842b0655f1076c05e1d0
                                                                  • Opcode Fuzzy Hash: 2bab21986c062ff52b28b6925739f90305a0d51e80fcfc17c351308f26c1cc79
                                                                  • Instruction Fuzzy Hash: B1818471A00609DFDB56CFA9C880BEEBBF9FF48314F108429E995A7254D734AC45CB60
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4333b5e99016d76bf72ae29e219018fd33aed0c710cecec91cfa5c15de038b24
                                                                  • Instruction ID: 89942795cc7a576a48ab6abd626ae1ce2aefc6d4c9569c01bfd5a0e06919531e
                                                                  • Opcode Fuzzy Hash: 4333b5e99016d76bf72ae29e219018fd33aed0c710cecec91cfa5c15de038b24
                                                                  • Instruction Fuzzy Hash: 7071E2B6C05629DBCB259F98C5807BEBBF0FF48710F14856AE982AB350D3349800DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e60460465c52301b036961ebf1f5feb5821262c263c5d2b981ea1d23f6bbd758
                                                                  • Instruction ID: 59d25295548a63b80add96e0d9b46e7e1fe2b23237e52ecefb421f07c3e4f4ca
                                                                  • Opcode Fuzzy Hash: e60460465c52301b036961ebf1f5feb5821262c263c5d2b981ea1d23f6bbd758
                                                                  • Instruction Fuzzy Hash: 9971AD74D042669FCB15DF59C844ABABBF5EF49300F08C4AAE9D8DB201E335EA45C7A4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a1f453f6ed5ec8010c34d3465837f934482469adcc4d7d7809aab4ae520bf35
                                                                  • Instruction ID: bda44fa505bdc8f5382dccd812b43a2523777eb863a305cbfe3a426c054bf9b8
                                                                  • Opcode Fuzzy Hash: 1a1f453f6ed5ec8010c34d3465837f934482469adcc4d7d7809aab4ae520bf35
                                                                  • Instruction Fuzzy Hash: 97718070D01205EFDF20DF99DA60A9EBBF8FF85300F11419AEA90EB258C73A8945DB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a95c35015c57bce891dcc3ab20abae94debd46c37dc14d44fe823ca66d9825f4
                                                                  • Instruction ID: 40a1b7aa19e7e1a4071e1d0490ef05080994eacc7c2a8f55cc9e8ee9226594a3
                                                                  • Opcode Fuzzy Hash: a95c35015c57bce891dcc3ab20abae94debd46c37dc14d44fe823ca66d9825f4
                                                                  • Instruction Fuzzy Hash: C771E272A046469FC751DF28C480B7AB7E5FF84310F0485AAE998CB362EB38DC45DB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                  • Instruction ID: 2033b522c2298fc990bbaef6838da57cb8a053dc24c914cbf755203db9a2af7b
                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                  • Instruction Fuzzy Hash: 40714C71A00619EFDB10DFA9C984AEEBBF9FF48700F104569E645EB251DB34EA41CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68249984a02f9eb9e67cad37b24dd4ac5157b94d81f17e2364085bbf5d9693e3
                                                                  • Instruction ID: 2127cd69d5d0ebee926240588f1231fbdf31946f500607f6c6e3a8a88f71bdf9
                                                                  • Opcode Fuzzy Hash: 68249984a02f9eb9e67cad37b24dd4ac5157b94d81f17e2364085bbf5d9693e3
                                                                  • Instruction Fuzzy Hash: 67710531600B01AFFB32DF58C844F6ABBF6EF44720F148458E696872A1DB76E944CB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 045009ca4af679359ac7416b4727475b3741d50c32a40483e048aaaa82493906
                                                                  • Instruction ID: eee04bcecddca86581b4a5882414eae72a0eb404ea2288b11ed45883b03a5e99
                                                                  • Opcode Fuzzy Hash: 045009ca4af679359ac7416b4727475b3741d50c32a40483e048aaaa82493906
                                                                  • Instruction Fuzzy Hash: 3A8101B2B05345CFDB24CF98E584BAD77F2BF88310F1541A9E944AB291CB399D01DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cd8e6984c7bb816967b46e576808f50b4244bfc33022a3e3cae3b1ad35ebec3b
                                                                  • Instruction ID: f5367c5f7f35de6836b020400cc353bacee9228c45f414c0c4f5ed47921db18e
                                                                  • Opcode Fuzzy Hash: cd8e6984c7bb816967b46e576808f50b4244bfc33022a3e3cae3b1ad35ebec3b
                                                                  • Instruction Fuzzy Hash: D751C172604712EFDB11DE68C894F5BBBE8EBC8750F014529BA90DB150DB31DD04CBA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 69c487f1feeb81bf5a122a2705ce294edc045ff92be54652f24c3b04d372105f
                                                                  • Instruction ID: e9bfd458a38e4a4716831cfdcc3c4915b1d5e47d7ec02518bca27cf23804aa58
                                                                  • Opcode Fuzzy Hash: 69c487f1feeb81bf5a122a2705ce294edc045ff92be54652f24c3b04d372105f
                                                                  • Instruction Fuzzy Hash: C051F171904709DFD721EF9AC880AABFBF9BF54710F50861EE2D2576A1CBB0A941CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f7b964dfbb98b67f42188645f56f66a69931b39ab278405ba4454a6024f1bf6
                                                                  • Instruction ID: ef5ab607b72901d0322a3273dcc81811357e6ec576b245e458d81dc6ed6f78be
                                                                  • Opcode Fuzzy Hash: 4f7b964dfbb98b67f42188645f56f66a69931b39ab278405ba4454a6024f1bf6
                                                                  • Instruction Fuzzy Hash: F6516171640615DFCB62EFA8C990EAAB7FDFF04784F4104A9EA8297661D738ED40CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 957871aa7faf292f3df96986e4d607087c095eae8c788f06b0fe066696a96b24
                                                                  • Instruction ID: ad0482a0d7f82d398b536fcae5982877436a4806ee908f7a58beaa44f4379a04
                                                                  • Opcode Fuzzy Hash: 957871aa7faf292f3df96986e4d607087c095eae8c788f06b0fe066696a96b24
                                                                  • Instruction Fuzzy Hash: 0B5189716083029FD754EF29C880A6BBBE5BFD8204F44892DF5C9C7250EB30D905CB96
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                  • Instruction ID: cdb56877cc9c9eb3452bebce302b07a14783407af43e789b1cf8e39e1abdfd20
                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                  • Instruction Fuzzy Hash: 2951A571E0021A9BEF16DF94C840BEEBBB5BF49350F0440A9EA45EB280D774DD44CB94
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                  • Instruction ID: 6f90c451a72a6cce90f3664872cd90747813eb78beea6121bf341688dfe1cd32
                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                  • Instruction Fuzzy Hash: 8751A635D00319EFEF21DF94C884BAFBBBDAF00324F154665D69267191D7349E448BA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c7691c7a546ea33829dde6b907b4b3f6c35aaf8a48c20c93bf3e5c7f45018269
                                                                  • Instruction ID: 0eb604366d88dd786eb8211fb311d2aa6b57f5d21821b5068850332c39141024
                                                                  • Opcode Fuzzy Hash: c7691c7a546ea33829dde6b907b4b3f6c35aaf8a48c20c93bf3e5c7f45018269
                                                                  • Instruction Fuzzy Hash: 6D4108707016059BD769DBADC894BBFBBDAFF90621F88C25AE9D587280DB30D801C790
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  • Instruction ID: a54ec291a6c3b23fad1226673a653b2e79586db48edbaf50daf5c572d527058d
                                                                  • Opcode Fuzzy Hash: c16eaa5de7423748c3eb8fc8fee8ae75d1e7024238538e5b82ed29892308fbb7
                                                                  • Instruction Fuzzy Hash: 1B41DD72200B458FC722CF29C981BD67BE8BF08350F10846DFAA99B291C774F800EB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ca581e5a46ef02a9b1c170dc75a4e6dce4e6965fe741126622a0e55b8a9d6d3f
                                                                  • Instruction ID: 547c7e8ddd0903acd37f786dc9342853b3d0fb88db4386bf3db76356f204b484
                                                                  • Opcode Fuzzy Hash: ca581e5a46ef02a9b1c170dc75a4e6dce4e6965fe741126622a0e55b8a9d6d3f
                                                                  • Instruction Fuzzy Hash: 7031BEB16042458FDB60DF28D9A0A6AB7E5FB84310F09456DF9D4CB391D730E806DB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b9d85d2df2db1bc922282f5cb3352613546b37d964e29d0f7ea6c7a07b162003
                                                                  • Instruction ID: a4dc4ac96fd58a9845b38407f3fc26fb0b843bc68f216457a5b9047f9f4ce241
                                                                  • Opcode Fuzzy Hash: b9d85d2df2db1bc922282f5cb3352613546b37d964e29d0f7ea6c7a07b162003
                                                                  • Instruction Fuzzy Hash: E031C3317416899BF3A2975CCD48B6BBBD8AF40740F1900E0BFC58B6E2DB68DA41C220
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3ab323a25c05b1489fca30f4bf3e591442d277a3020be4b373257403cf0006c3
                                                                  • Instruction ID: 7c04a1b0339aecc528a8664b7ce2e13ced5c593e95549ef390fc92d3d1900abd
                                                                  • Opcode Fuzzy Hash: 3ab323a25c05b1489fca30f4bf3e591442d277a3020be4b373257403cf0006c3
                                                                  • Instruction Fuzzy Hash: A731C475A0051AABDB15DFD8CC40FAEB7B5FB44B40F454169E940EB244D771ED40CB94
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42587f10062d9cf6c0ea50ebcb9be1a0a323122f477c0c152272db9cefaaa80e
                                                                  • Instruction ID: 30943014133f20e10e6c24c33209984011e71185ac5ea52023459f69d352ed3a
                                                                  • Opcode Fuzzy Hash: 42587f10062d9cf6c0ea50ebcb9be1a0a323122f477c0c152272db9cefaaa80e
                                                                  • Instruction Fuzzy Hash: B0317376A4012DABCF71EF54DC84BDEBBF5AB98350F1100E5E588E7250DA349E918F90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 61e4cda987b57f52ef1b2936d6f8002c9e1a1607f6ab005fea929d0098b91180
                                                                  • Instruction ID: be21fda32469062f1c86851fb513b83d55db5522b2e97bb3333a3914a4a35ca0
                                                                  • Opcode Fuzzy Hash: 61e4cda987b57f52ef1b2936d6f8002c9e1a1607f6ab005fea929d0098b91180
                                                                  • Instruction Fuzzy Hash: AB31C872E00615AFEB22DEA9CC40AAFBBF9EF44750F014465E595E7290D6749A008BA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 44641f06f34d08409950c8856e51a69578ec0c4ddcf08e1c9179640cc6402309
                                                                  • Instruction ID: 578f4f7974a4c956cae5848cfc3b0a10aa7b6d26d27056fa1915b2a595f7cf8d
                                                                  • Opcode Fuzzy Hash: 44641f06f34d08409950c8856e51a69578ec0c4ddcf08e1c9179640cc6402309
                                                                  • Instruction Fuzzy Hash: 0B31E271A00605ABDB129FE9CC50A6FBBF9AF44750F484069E681DB352DA36ED008B90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c7dbcee1be0d88c606a87fc3ba0022dcc0afb89cf941972fecd7c9ae08206739
                                                                  • Instruction ID: 091cb2de9be956a6d8c43c5b7f602773fad51e845a3687416c288126e01d9090
                                                                  • Opcode Fuzzy Hash: c7dbcee1be0d88c606a87fc3ba0022dcc0afb89cf941972fecd7c9ae08206739
                                                                  • Instruction Fuzzy Hash: 18313332A04396DBC712DE26C880E6BBBE5AFD4360F054529FC85AB311DE74DD41A7E1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 02e6dcffa691451faffe0a24e124fdb6e23a90548fd4bc522e3418584501d14f
                                                                  • Instruction ID: 76d6add47c31b2c3a2c7632500ea66755f86aedc94642880f564bd343920f78a
                                                                  • Opcode Fuzzy Hash: 02e6dcffa691451faffe0a24e124fdb6e23a90548fd4bc522e3418584501d14f
                                                                  • Instruction Fuzzy Hash: 36318DB16053418FE360DF19D880B2AB7E5EF88750F0849ADF98897251DB71EC44CB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                  • Instruction ID: cc548991c0e34359c4229bd87484850e428103e18cd62554bf71dfa3c7843259
                                                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                  • Instruction Fuzzy Hash: D4314AB2B01B41EFD7A1CF69DD40B67BBF8BF08A50F04096DA59AC3650E634E9008B60
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: af822b0b5c4435a27c6b6bf6f1696f3b3412c9de395890edf5f6f61c7bfbf987
                                                                  • Instruction ID: 9d6fcffa9661ab8375597e9b042dac62bb14b10d780e1572642c935dec8a3d74
                                                                  • Opcode Fuzzy Hash: af822b0b5c4435a27c6b6bf6f1696f3b3412c9de395890edf5f6f61c7bfbf987
                                                                  • Instruction Fuzzy Hash: EA319AB19093099FCB21EF19C94086ABBF1FF89314F0549AEF4C89B252D331D946CB92
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7c3f223e5f6ec83431b90edc3888509db9f6ad826f6d94f0190bf631a5f7c36b
                                                                  • Instruction ID: 18690f16ece0d8d9f779bdd144954e4707e3fafeaea4c5a94957caa70970e0b6
                                                                  • Opcode Fuzzy Hash: 7c3f223e5f6ec83431b90edc3888509db9f6ad826f6d94f0190bf631a5f7c36b
                                                                  • Instruction Fuzzy Hash: 7A310571B003059FE721EFB8C981AAEBBF9EF84304F018529D685D3291DB35E941CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                  • Instruction ID: b7b5e8d169dfa33aa7bff67073b496371d92bcd5c54f205867ffb36cd8a87d72
                                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                  • Instruction Fuzzy Hash: 2A210B32F4125BAAD7119BB58801BAFBBBAAF44750F198176AE95F7340E370D900D7E0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d05f1d8ab746811a7add45ac9dac9dbb9c2c23660e5cf7f0256035fcaec579fd
                                                                  • Instruction ID: cfd0fbbd249e375f2f09e17e29bfda911c52e8f70fedf5f4efdce3667ddc2344
                                                                  • Opcode Fuzzy Hash: d05f1d8ab746811a7add45ac9dac9dbb9c2c23660e5cf7f0256035fcaec579fd
                                                                  • Instruction Fuzzy Hash: ED313E715002108BDB61AF58CC41BB977B8BF84314F9881A9EDC59B352EA39D985DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                  • Instruction ID: 9a7f9125b4a3b4a864cc93e86b7e4fb32c1929f95c68063d2852c9edf0b96dd6
                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                  • Instruction Fuzzy Hash: E521083AB00652A6EF15AB958D10AFEBBB5EF40710F40C01AFAD587691EB39DD40D3B0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d56236c236098e7597ea6d91b207244af68f0abef0d2d5ce73874f457abe192c
                                                                  • Instruction ID: 9c5be417b80ef54e63c14d36c843fd042d96e10190d70887b3db0bde36fcc3c0
                                                                  • Opcode Fuzzy Hash: d56236c236098e7597ea6d91b207244af68f0abef0d2d5ce73874f457abe192c
                                                                  • Instruction Fuzzy Hash: 23310836A0012C9BDB31EF14DC41FEE77BAEF15750F0901A6E645AB390D6749E80AF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                  • Instruction ID: f822817ad50043dd9548282a30f8039f8823dd76a5d4476d96ee3891ce679980
                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                  • Instruction Fuzzy Hash: A9218031A00709EBCB11CF58C980A8EBBA5FF48758F108465EE55DF255D779EA058B90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d186e24faa2be9034e3feaa2b929b6b5219ff6c7dc75ad19f4a03c4ed72221df
                                                                  • Instruction ID: 8ef4ad0d795f49ec52cbbabe22fa9049f90eadb5866dbc69a2a4e7ff5b2f97f5
                                                                  • Opcode Fuzzy Hash: d186e24faa2be9034e3feaa2b929b6b5219ff6c7dc75ad19f4a03c4ed72221df
                                                                  • Instruction Fuzzy Hash: 1721D2726047459BCB22CF18C880B6B77E4FF88760F014569FD949B696D734E901CBA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                  • Instruction ID: 2da9686d831c2dd8a8837f17c057990d9308966e83fa575412c53734d65334d3
                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                  • Instruction Fuzzy Hash: DE318A31600604AFD721DB68C884F6AB7FAEF85354F1445AAE5528B391E770EE01EB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3f672e88c7840a2b5f8b0e24b75d9cbb3c3a6b9851840a252cec673e72a5854a
                                                                  • Instruction ID: 9d0a909f63eae620cdc4e313eb6736a05b7349c0281ee7bd0953bb6b8bbab879
                                                                  • Opcode Fuzzy Hash: 3f672e88c7840a2b5f8b0e24b75d9cbb3c3a6b9851840a252cec673e72a5854a
                                                                  • Instruction Fuzzy Hash: 1E315E796002059FCB54CF18C8849EFB7F5EF88384B15845AECC99B391EB71EA50CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc88bc10cf9c52a1f6de6c995be360abe961e5ae5246a4cfe085ab8b9c705588
                                                                  • Instruction ID: 6f723795ac70b9fb0a633c39c2ddfafe807c92ee23e54eccbcf976e46ba002ce
                                                                  • Opcode Fuzzy Hash: dc88bc10cf9c52a1f6de6c995be360abe961e5ae5246a4cfe085ab8b9c705588
                                                                  • Instruction Fuzzy Hash: 5421A071D006299BCF24DF59C881ABEB7F8FF48740B550069F981E7254D778AD41DBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 71bedde8166c7d1a051c06373f855c897cd6d201d59306cfe1aded8fd2d5b4e8
                                                                  • Instruction ID: 40f231e5044bb0509daf705ff86040de6d4dc0fe7686d40d15dfc2e8c4329b0c
                                                                  • Opcode Fuzzy Hash: 71bedde8166c7d1a051c06373f855c897cd6d201d59306cfe1aded8fd2d5b4e8
                                                                  • Instruction Fuzzy Hash: DE218971600649ABD715DB68DC80E6AB7E8FF48740F1400A9FA44DB6A1D638EE40CBA8
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7d11663b220e1160c2ceeecfeaaf1762ff6eb809a13b87736fc91e6267c88ca5
                                                                  • Instruction ID: efe309a48dd69d158ae1397a592eaad66f8907235029b7dd4e3d45d358ea2057
                                                                  • Opcode Fuzzy Hash: 7d11663b220e1160c2ceeecfeaaf1762ff6eb809a13b87736fc91e6267c88ca5
                                                                  • Instruction Fuzzy Hash: 1021C5729443469FD712DF59C944BABBBECEF90740F084496BEC0C7265D734DA04C6A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 090e46c74094246c413a8ebd067a38f19b0d31597bedc5702eed62f75ce648ca
                                                                  • Instruction ID: a701366dbd5319b415a45e62fced8baa8f2019b530c6c5001df2712fc343cf8d
                                                                  • Opcode Fuzzy Hash: 090e46c74094246c413a8ebd067a38f19b0d31597bedc5702eed62f75ce648ca
                                                                  • Instruction Fuzzy Hash: 5021D771785685DBF323676C8C48B293BD4AF41774F2903F4FAE29B6E2DB68D9018210
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64238e50b13172829fe29138f75523ae9f02791b66fa9cbbfe08001608b4e609
                                                                  • Instruction ID: a2c89703e12e0195c1bf4645e17ed4ebe602736f75655dde1f0cb95b0513f454
                                                                  • Opcode Fuzzy Hash: 64238e50b13172829fe29138f75523ae9f02791b66fa9cbbfe08001608b4e609
                                                                  • Instruction Fuzzy Hash: 7621AF35241741DFC725DF29CC01B5677F5AF08704F1484A8A589CB761E335E942CB94
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0444485a4ac36ef95f484ba94c2b157b8861205b42b51885a68e3b4a90f620cb
                                                                  • Instruction ID: a248d1a7d56c708409c1cce26233c9f7233088a36449d4a9d11d2b312bfc65f5
                                                                  • Opcode Fuzzy Hash: 0444485a4ac36ef95f484ba94c2b157b8861205b42b51885a68e3b4a90f620cb
                                                                  • Instruction Fuzzy Hash: 6F113632380A15FFEB2256599C51F6B7A99DBC4BB0F100128B788DB290EF70EC01A695
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 05cab93869643d1789f9da660802411dfe5367afcf8185060494bda4dc60c140
                                                                  • Instruction ID: 3cd6cc6ec6a4bf5a069c5fe6dd7ee27265f2bef3793551de0f52254594a4172a
                                                                  • Opcode Fuzzy Hash: 05cab93869643d1789f9da660802411dfe5367afcf8185060494bda4dc60c140
                                                                  • Instruction Fuzzy Hash: 922116B1E40309ABCB20CFAAD9819AEFBF9FF98710F10416FE445E7244DA749941CB60
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                  • Instruction ID: 30282480201a123e4b6e6dc269a6c91daf1c98c4f4433e1da93af74b4f885f83
                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                  • Instruction Fuzzy Hash: 1D218C72A00209EFDF129F98DC44BAEBBF9EF88310F21485AF994A7251D734DA50DB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                  • Instruction ID: 8491101303f69fcfd6adc948bdb771c98b4e3268a1e78115c69620a13a958e74
                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                  • Instruction Fuzzy Hash: BB110473640609BFE7229F84CD41F9ABBB9EF84754F104069F6848B194D779EE84CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ebd843122e57f23a637c4c899e3a67d9a4bdc942074dd9762db8825b54733a84
                                                                  • Instruction ID: 37148d720229b3125576e6f2c8be30ec99e0f7f01f6dcd5a52fef6913ab3319d
                                                                  • Opcode Fuzzy Hash: ebd843122e57f23a637c4c899e3a67d9a4bdc942074dd9762db8825b54733a84
                                                                  • Instruction Fuzzy Hash: EC119835B016919FCB11DF4BC9C0A56B7E5AF467A4724406DED0C9F205DAB2DD02D790
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                  • Instruction ID: 36936fda466b373ae3bc4a0806fecbe6fdb01399c8d578c0c1517550b3db2a24
                                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                  • Instruction Fuzzy Hash: 39217F71A01681DFDB758F49C580A66BBE6FB84B10F15887DE58597616C738ED01CB40
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b35bfc11886c38e2a5feb8a8e2dbf888640068a2347ad83f50b9a81cb96b58d3
                                                                  • Instruction ID: 93185240c3aa355fd5a167ba0374374fcb767509bda8c0cde34f4735723615a5
                                                                  • Opcode Fuzzy Hash: b35bfc11886c38e2a5feb8a8e2dbf888640068a2347ad83f50b9a81cb96b58d3
                                                                  • Instruction Fuzzy Hash: 24218E32A40245DFCB14CF59C581B6EBBB5FB88358F20416DD109A7310CB75AD07DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 28f24f77c63410dd9dec575ed2449ea5b537262783613e1e0d452d7e9cda1c57
                                                                  • Instruction ID: 65605e1b59d935c86dd70a28096caef9638ee9b4699800522a9257784f3bf444
                                                                  • Opcode Fuzzy Hash: 28f24f77c63410dd9dec575ed2449ea5b537262783613e1e0d452d7e9cda1c57
                                                                  • Instruction Fuzzy Hash: 2F218C75600A00EFD7608F68CC81BAAB7F8FF44350F04882DE5EAC7251EAB5A940CB60
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2d7cc3e1c8db7beba27eb6717b3cd12a54e83e001b413abeb3bf270d018e12ab
                                                                  • Instruction ID: 5ab4e29d8123e510c802c056218f38cae8fc996e37176451c1720410530a25f9
                                                                  • Opcode Fuzzy Hash: 2d7cc3e1c8db7beba27eb6717b3cd12a54e83e001b413abeb3bf270d018e12ab
                                                                  • Instruction Fuzzy Hash: 63110132640A05EFE722CB59CC40F9A77ACEF89B50F114065F282DB261DA72ED00C7A4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 10e24e8f2e5949f94de27a25a4d34f5c3142b8cc0b742624ec25b6f8bf3f4348
                                                                  • Instruction ID: d92ebef3b01251c972e66fdde3c6e2f1daf34133eceecdb629d0bbff12494a1a
                                                                  • Opcode Fuzzy Hash: 10e24e8f2e5949f94de27a25a4d34f5c3142b8cc0b742624ec25b6f8bf3f4348
                                                                  • Instruction Fuzzy Hash: 2E1104723001199FDB1ADB28CD81A6F7297EFC5370F254979EA62DB291E9319802C690
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ef2a3470fceeff006879be1c5cb22e3d566e007c66301e0423f44192bd0fcc72
                                                                  • Instruction ID: 28b3a80e19b6813acba483259ee661a58bec88bfc5c07e763d4672aa61e61699
                                                                  • Opcode Fuzzy Hash: ef2a3470fceeff006879be1c5cb22e3d566e007c66301e0423f44192bd0fcc72
                                                                  • Instruction Fuzzy Hash: E011E376A01208DFCB65CF59DD80A5ABBF4FF84710B0640BDE9859B319E6B9DD00DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                  • Instruction ID: 26c59ee47454a9459897829d99f478ebe6122a362bcf88cca811e6d65b362cb5
                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                  • Instruction Fuzzy Hash: 1C110436A00909EFDB19CB98CC11B9DBBF5EF84310F058269E88597380E675EE01CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                  • Instruction ID: 7495c763a508cfe0ccc97efa017fab5166c7142ab7f0dd8855c513106f8fb68c
                                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                  • Instruction Fuzzy Hash: 1F2106B5A00B459FD3A0CF29D481B52BBF4FB48B20F10492EE98AC7B50E771E854CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                  • Instruction ID: 8b3df985b80004f031c038eb471a661c0a3367890205fab17b1cc57e8fdc481d
                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                  • Instruction Fuzzy Hash: 0E119E3A600700EFEB61DF49C840B5ABBE9EF45750F058469FA8D9B160DB75DD40DBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 823b5f8e03b011fbf077edf85f841450b49c27da9f914b1b1d54ce9fe9559f90
                                                                  • Instruction ID: 5eef829056fe421326a6c8925506dbdbf102860bfebb6c04c317d3f61038f6ad
                                                                  • Opcode Fuzzy Hash: 823b5f8e03b011fbf077edf85f841450b49c27da9f914b1b1d54ce9fe9559f90
                                                                  • Instruction Fuzzy Hash: 7F01C875746648EBF317626D9C88F6B7BDCEF40354F0500B5F9828B291D954DD00C361
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4bfbbac6f43353fcdcc377d72b7e830fa7c2307a2846508499bdef6f9652816c
                                                                  • Instruction ID: 2744fdf3de8a783e33af7c1978c5923bf7ba498e5293670718d24681beb23ba0
                                                                  • Opcode Fuzzy Hash: 4bfbbac6f43353fcdcc377d72b7e830fa7c2307a2846508499bdef6f9652816c
                                                                  • Instruction Fuzzy Hash: B611AC36644684AFCB25CF5AD880B567BA9EB86B64F10411AF954CB290C774FC40EFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a820227721fbbc3f2f1ac1f96c941e4229b4b813f3b6f61c80b18610c0a81868
                                                                  • Instruction ID: 8c4c635dbd10a31aa91daf343c937b24b74986865464f5eae204d085c1de503f
                                                                  • Opcode Fuzzy Hash: a820227721fbbc3f2f1ac1f96c941e4229b4b813f3b6f61c80b18610c0a81868
                                                                  • Instruction Fuzzy Hash: 2C11C272A00715AFDB21DF99CD80B5EFBF8EF88740F510894EA41B7205D77AAD018B50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd2e2b88fddac1b3f95355a1cfbfa8a5f905ea5854c6d2a256c3459e067183b9
                                                                  • Instruction ID: 6b05e349cbd77e9d65e1f14f376253647d7ce4b7cae7eb55c74a2ae7ddae4cbf
                                                                  • Opcode Fuzzy Hash: bd2e2b88fddac1b3f95355a1cfbfa8a5f905ea5854c6d2a256c3459e067183b9
                                                                  • Instruction Fuzzy Hash: 4A01F5716012099FD726DF19D904F56BBF9FB86314F2085AAF5449B2A1CB74EC82CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 03c480bca9c794ad1cf46968a3796549179f25923f9a64b9994f29d8855f476a
                                                                  • Instruction ID: c157a0e39f34c0bbd980c227bafeea42ca1b8edccc726de2e9c3c8b46a039df0
                                                                  • Opcode Fuzzy Hash: 03c480bca9c794ad1cf46968a3796549179f25923f9a64b9994f29d8855f476a
                                                                  • Instruction Fuzzy Hash: FD017171A0025D9FDB00DFA9D441AEEBBF4AF48310F144059F540A7380D778EA01CB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                  • Instruction ID: 94745306c6d0e23b9ff8d6d0fee768791414ac32f31910d2280dddf1a4209952
                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                  • Instruction Fuzzy Hash: 4FF0127210001DBFEF019F94DD80DFF7B7EEF55298B114125FA1192160D636DE21A7A0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 273088b38f024f80d982d361cab796d782026ef5344cb233d1ad4aa21921aef2
                                                                  • Instruction ID: 3434f0978060c83e1489670f6104f3a22b9ddfe7299c900764d8dafc97cfe621
                                                                  • Opcode Fuzzy Hash: 273088b38f024f80d982d361cab796d782026ef5344cb233d1ad4aa21921aef2
                                                                  • Instruction Fuzzy Hash: 00018936211119EBCF129E84DC40EDE7FAAFB4C654F058101FE5866220C736D970EB81
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: af6e711cfcbac5c3350f8b853ac4ad259d3c43f92f74463b5bf2042eacaa18cf
                                                                  • Instruction ID: 062f2cf3c71332e747abb5a42e0e4725d2ed76bd23c529e24f1d6fcafe000dab
                                                                  • Opcode Fuzzy Hash: af6e711cfcbac5c3350f8b853ac4ad259d3c43f92f74463b5bf2042eacaa18cf
                                                                  • Instruction Fuzzy Hash: 21F0BB727043525BE764A6169C02B62329BD7D0761F2D8077E6058B7D3F971DC01E7E4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0173266682f720eb6fe2289f9197da0647ae87335453550d61d5e81b1efaa5e6
                                                                  • Instruction ID: cf20c3df54c5bb89cebd8db0a7189d19004781fcbba233690e1b059facc593ba
                                                                  • Opcode Fuzzy Hash: 0173266682f720eb6fe2289f9197da0647ae87335453550d61d5e81b1efaa5e6
                                                                  • Instruction Fuzzy Hash: C80144702416859BE3B29B6CCD49B6A37E8AB40B44F4845D0FE81CB6EFE7ADD541C610
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                  • Instruction ID: 5b4fba5e67d5a8ce9ba1714baed82fc845c39aee6c5bde7bcd8c005bc4131c8f
                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                  • Instruction Fuzzy Hash: 03F02E35349D1357FBB6BA2E9860B3EBAD5AF90E10B05856C96D1DB680DF20DC00C780
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                  • Instruction ID: b68e2089ae9734e7395c6789e011d7057f7e49e312b34a170f3a06c4a63196c5
                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                  • Instruction Fuzzy Hash: A3F05E367117129FE721DA4DDC80F16B7ECAFD5A60F6A00B5A648AB260C760EC0187E0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 47a824c956df5c5b0b3cdd40930deb549f155071b3a494780b674e31558fed92
                                                                  • Instruction ID: e161c8c32958b7d498956a23739a29c9cc66b329817681d7f3b8b6893bd6b06f
                                                                  • Opcode Fuzzy Hash: 47a824c956df5c5b0b3cdd40930deb549f155071b3a494780b674e31558fed92
                                                                  • Instruction Fuzzy Hash: 4CF0A4706053089FD310EF28C541A1EB7E4EF98710F40465AB8D4DB390EA38E900C756
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                  • Instruction ID: db7c291f941365076f4e213d35a1d0ff58d3c2a937af8a0664bb9ea27d8a3434
                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                  • Instruction Fuzzy Hash: 04F02472604204EFE314DF21CC01F56B6E9EF9C340F148079AAC4C7268FAB4DE41D654
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 557352408a02c098ae52724374595c19866f5f7d31c8238f5f66f8b43ba75d49
                                                                  • Instruction ID: 406f644c9a3729bb9b6e8de61dcbf530397a71c3c56ffaf79cf92430b08f29df
                                                                  • Opcode Fuzzy Hash: 557352408a02c098ae52724374595c19866f5f7d31c8238f5f66f8b43ba75d49
                                                                  • Instruction Fuzzy Hash: 4DF0E9325003846BD7317A1CEC44B6ABBADFBF5714F49445AFDC52715186396C84C7A0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a77944328fcbe39f87686777274dc571cf2d6268a85c3556a56226816b1406c
                                                                  • Instruction ID: 9bd231ef74498e4c7301a63b8cb549da0c780c0f12058c42d9db2a5ba37fbf30
                                                                  • Opcode Fuzzy Hash: 3a77944328fcbe39f87686777274dc571cf2d6268a85c3556a56226816b1406c
                                                                  • Instruction Fuzzy Hash: 6CF04F70A0124D9FDB04EF69C555AAEB7B4EF18300F508059B995EB395DA78EA01CB60
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 23eecb338af7ad3ca7529d4dc055900b339d41c3c64e22d7b1a920a8d20f5644
                                                                  • Instruction ID: 74433202fd2bd715773237b8ca54501540aaf0d29a11ea6d64ed74af21df049b
                                                                  • Opcode Fuzzy Hash: 23eecb338af7ad3ca7529d4dc055900b339d41c3c64e22d7b1a920a8d20f5644
                                                                  • Instruction Fuzzy Hash: 97F02E32C062E08FD732CB6AC054BA1B7C4AB10730F1C896ED49983102C328FE80E600
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 554bbe1bf313beb3fe5b396a656a22195d4c88a6cba4bda0205a292838900629
                                                                  • Instruction ID: e9ff6ddf65d4e65be534afe71c62d28fe945232f8919ac65c7ec9d90f544ffdd
                                                                  • Opcode Fuzzy Hash: 554bbe1bf313beb3fe5b396a656a22195d4c88a6cba4bda0205a292838900629
                                                                  • Instruction Fuzzy Hash: 2DF027768176C906CF726B6CA8B02D1AF98A745114F4910C9D8E057209C57BA483C724
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cfcbbfbb6ad43dae9f0787322ce03d234f194efb5931cbf7aec1b45ff1f83424
                                                                  • Instruction ID: df02a6b072d26cd892bd82144bb93f4fa370c7006a44bd92c81f21343ae63149
                                                                  • Opcode Fuzzy Hash: cfcbbfbb6ad43dae9f0787322ce03d234f194efb5931cbf7aec1b45ff1f83424
                                                                  • Instruction Fuzzy Hash: E8F0E2715916909FF3A2971CC348BA97BE8BB487A0F08ADA5D58AC7517C36CE880CA50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                  • Instruction ID: 4a0bdb52d33267e203685d7b5878d21649285d316b20682e4394b6aa08331ee2
                                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                  • Instruction Fuzzy Hash: 3BE0D872300A112BE7219F59CCC4F577BAEDFD6B10F040079FA045F252C9E6DD1982A4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                  • Instruction ID: 355a4d2a37f1e1a141aa4e55bc519bdb625e9872b65c182025e39626390ad828
                                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                  • Instruction Fuzzy Hash: A5F08C72500A049FF3228F09D840B53BBF8EB05364F018065F60A9B561D33AEC40CBA8
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                  • Instruction ID: 1f69a7f707823e37286a32b4c5f535c42d204a0d861f55cbc83c302255e06c1a
                                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                  • Instruction Fuzzy Hash: 28F0E53A204384DBDB16DF1AD050AA97BE8EB41350B100094E8828B351DB75F982EB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                  • Instruction ID: aa70838993ea44fdf2fa8ca4c4e8c6f63f5b593c0d2ada438d1efe195bc3f110
                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                  • Instruction Fuzzy Hash: 2AE0D833244645ABD3211A59C801B6A7BE5DBD07A0F970429F280CB174DB78DC40D7D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                  • Instruction ID: 94ad12b13310af8650e09f6c22b9f59b0e066d95b03752d52113454fdf6a2f1f
                                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                  • Instruction Fuzzy Hash: 96E0DF32A00114BBDB21B7998D02F9ABEACEB90FA0F060054B740E70E0E631DE00D6D0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 5bd9b5667ae2d9f9dc222b76d58bf69168168cfc8675ff0e950e2a780b667f72
                                                                  • Instruction ID: c3320339807f9a1debf39e8a737f17a82d1c57b9aebd71016264a382f117a068
                                                                  • Opcode Fuzzy Hash: 5bd9b5667ae2d9f9dc222b76d58bf69168168cfc8675ff0e950e2a780b667f72
                                                                  • Instruction Fuzzy Hash: E8E092321005949BC722BF2ADD02F9B779AEF94360F014529F155571A1CB39B910D784
                                                                  • Instruction ID: 2f979d52912697403ab17f1c27f755422d45ce14be666fe0a91b366d0ade0dd2
                                                                  • Opcode Fuzzy Hash: b8acc17bb811890d4302042926220155de4a5f7b56cb69a25bf0c832bee970b7
                                                                  • Instruction Fuzzy Hash: 01D02E334C20306AEB77F228BE04FE33A99AB40764F0648A0F688E2029D52CCC8192C4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                  • Instruction ID: ccef759ff80ddaf180881dc03d44399ef3835888af36fabb7d8fb273750055f1
                                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                  • Instruction Fuzzy Hash: 3BE0CD32500520DFDB322F15DC01F5176E6FF64B51F25485AF0C1161A48B745C82FB44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e11a57143702242364d2b83303e293bdba6231e0197df2e73aa18f92c330474f
                                                                  • Instruction ID: da88e2a90561cbb58d8d169665f2532ffc4f8ecf60800ad91f8af6f7bfa8d08b
                                                                  • Opcode Fuzzy Hash: e11a57143702242364d2b83303e293bdba6231e0197df2e73aa18f92c330474f
                                                                  • Instruction Fuzzy Hash: 30E07D31051630DEDB316F02ED00F5276F6BF50750F14442AF042055B0CF74AC82F650
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e7ef62cfab6c6df14981b91fa009786d871e03efaa1ff0e129f96acda6e14cdc
                                                                  • Instruction ID: d8101e7e8bfede622f20139d518ae5228f9a21a7fd0b37c264eea58f57058f65
                                                                  • Opcode Fuzzy Hash: e7ef62cfab6c6df14981b91fa009786d871e03efaa1ff0e129f96acda6e14cdc
                                                                  • Instruction Fuzzy Hash: 09E08C321004946BC611FA5EED12E5A739EEF94360F010225B150972A1CA29BD00D794
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                  • Instruction ID: 3955de86e663fe53303fbe44addf806ed2e6414fd0bb88293782af2dd9799652
                                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                  • Instruction Fuzzy Hash: 74E08633111A1487D728DE18D511B7677E4EF45720F09863EA65347784C634E644C794
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                  • Instruction ID: 7d070f8408e737dbffcb608b93d4c00577b6abef139a684db1f2ddfca17c6532
                                                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                  • Instruction Fuzzy Hash: ECD05E36511A50AFC7329F1BEE00C13BBF9FFC4B10706066EA54583920C671A906DBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                  • Instruction ID: 5b492bffab929dea0a8ec6037eeb5ad44dc233302300b1ab1b034284402006d0
                                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                  • Instruction Fuzzy Hash: 65D0A932204620ABDBB2AA1CFC00FD333E8AB88760F060499B008C7061C364AC81CA84
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                  • Instruction ID: bec390ab46fb634e04cb35dc0b2adf515200db7a45b77998b8525998d4743ce5
                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                  • Instruction Fuzzy Hash: DCE0EC35950684ABDF92DF59DA40F5AFBF5BB84B40F150494A5886B661C628AA00DB40
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                  • Instruction ID: c6ead05cba39c75d8448e606fb4acc1192f43838320a3fa78564736135a0ff7c
                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                  • Instruction Fuzzy Hash: 72D0223321603093CF2856606C14F6379069F80BA0F1E006E340AA3A00C0088C42F6E4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                  • Instruction ID: 6ac73228a0e003d8b7eefea19a62c965dd8ba1ce5cbcd67ca8801ea6034f8b26
                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                  • Instruction Fuzzy Hash: 01D012371D054DBBCB119F65DC02FA57BA9EB54BA0F454020B604875A1C63AE950D584
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 048bd85ddacb95df16fd169dad6b4422a6be0539bdc263fa181526f1fc5a32c3
                                                                  • Instruction ID: d843a8b62e1558cd90113e8949baf077d744d6ff147f52c80ade7c341c16ec3b
                                                                  • Opcode Fuzzy Hash: 048bd85ddacb95df16fd169dad6b4422a6be0539bdc263fa181526f1fc5a32c3
                                                                  • Instruction Fuzzy Hash: 46D05E315450418BEF57CB09CA1492E3AB0FB04640B8000A8EFC051020D72ED801CA00
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                  • Instruction ID: e2b8565b1b29974c669f97b42b4cc57f6fdef9e5d7796cc862703e2d82446e5c
                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                  • Instruction Fuzzy Hash: FED0C975652E84CFC71ACB0CC5A8B2533A4FF44B44F8504E0E541CBB32DA2CDD40CA10
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                  • Instruction ID: 288df94414747e0f3ea600a2fbf54c75209c999922a2e63ad1d59faf98d3a176
                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                  • Instruction Fuzzy Hash: 47C08C33290648AFCB12EF98DD02F127BE9EB98B40F010061F3048B671C635FD20EA84
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                  • Instruction ID: fa2dc1c3df4c8347b6fe0c25406f2ccc7458cef33b62c3b329888632b65876c5
                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                  • Instruction Fuzzy Hash: 0BD01236100248EFCB02DF41C890E9A772AFBD8750F108019FD1907650CA31ED62DA50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                  • Instruction ID: 3354dbfbfe93dbc28cc3fcde93fd2548ad994f1f7d0d08ace59ac66fa87b8ae9
                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                  • Instruction Fuzzy Hash: 36C08838300A088FCF02CB2AC280F0833E8FB80300F0008C0EA00CBB22E228E802CA00
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6e72e4d7e124b0f081a3112542845e3dbecb336fb3c31510cb7117d34e4d5a08
                                                                  • Instruction ID: 0d8f4aa466897654892d8fa9b7f01b7c24bd600928fdbd199ec5b4c18c766b93
                                                                  • Opcode Fuzzy Hash: 6e72e4d7e124b0f081a3112542845e3dbecb336fb3c31510cb7117d34e4d5a08
                                                                  • Instruction Fuzzy Hash: F1900231605C0012A140715888845464019A7E0301B55C152F0828554CCA148A576361
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ba46c2d231bb3be17c09c5048a5cb6896bd808503a634e45c899493cdbaa3cf2
                                                                  • Instruction ID: c4374f8c308baf2411f901b7d41fef67a37f5d85996a782ce42c74ce8f24cda0
                                                                  • Opcode Fuzzy Hash: ba46c2d231bb3be17c09c5048a5cb6896bd808503a634e45c899493cdbaa3cf2
                                                                  • Instruction Fuzzy Hash: 70900261601900425140715888044066019A7E1301395C256B0958560CC6188956A369
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1836692f4a76964bb9f16f6f7a32e6425d29d28f3212c41134d0eada625f0a7c
                                                                  • Instruction ID: 0639257ccf2f3b8d90f4eb1c825e7babc3bfc4c07db547d44fe6113905bdeb8d
                                                                  • Opcode Fuzzy Hash: 1836692f4a76964bb9f16f6f7a32e6425d29d28f3212c41134d0eada625f0a7c
                                                                  • Instruction Fuzzy Hash: 2790023120180802E10471588804686001997D0301F55C152B6428655ED66589927231
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 02f5db3a30db4167823a8152434ee4bc0fc219f7b8d920fc7629735c62f79c02
                                                                  • Instruction ID: 42a401a7d77f29f8d1876f17e319edd49516e35fed44fc4847490ae01df479e9
                                                                  • Opcode Fuzzy Hash: 02f5db3a30db4167823a8152434ee4bc0fc219f7b8d920fc7629735c62f79c02
                                                                  • Instruction Fuzzy Hash: D990023160580802E15071588414746001997D0301F55C152B0428654DC7558B5677A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9ed3ec708e9e65921c75bd6ff85ca1d6e13b4c3d4274ff0f384b89ee80d71639
                                                                  • Instruction ID: 7815e40c1a5839dbea1ebb1146583261e69e7075b10383e0a9f08db807336373
                                                                  • Opcode Fuzzy Hash: 9ed3ec708e9e65921c75bd6ff85ca1d6e13b4c3d4274ff0f384b89ee80d71639
                                                                  • Instruction Fuzzy Hash: 4690023120584842E14071588404A46002997D0305F55C152B0468694DD6258E56B761
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76cd1a50cd97be6d79cb7eae8edd4553f59a99db4d80ca1f7aef2e619fa4771f
                                                                  • Instruction ID: f594a9ab6accc7d150720231c82077e901f97ace63a0316fda9d306f0557ce67
                                                                  • Opcode Fuzzy Hash: 76cd1a50cd97be6d79cb7eae8edd4553f59a99db4d80ca1f7aef2e619fa4771f
                                                                  • Instruction Fuzzy Hash: 2A90023120180802E1807158840464A001997D1301F95C156B0429654DCA158B5A77A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  • Instruction ID: ce3e46435ec7131a17d2aff640678b517c662b552690a550b0993f4b69540fbd
                                                                  • Opcode Fuzzy Hash: a3c0fe065a81a500c8161099c7dee6ef5a5ea24625456e710f424111bc6a175e
                                                                  • Instruction Fuzzy Hash: 0F90022124585102E150715C84046164019B7E0201F55C162B0C18594DC55589567321
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d119322e50e8987e261e62e4f1d6e588e2c21b8c6462043f18c42310165b019a
                                                                  • Instruction ID: f01b75406c3209733ad9aa2d6999f4cee125222bd76753169f39232fa833d60a
                                                                  • Opcode Fuzzy Hash: d119322e50e8987e261e62e4f1d6e588e2c21b8c6462043f18c42310165b019a
                                                                  • Instruction Fuzzy Hash: BE90023120280142A54072589804A4E411997E1302B95D556B0419554CC91489626321
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9452d4f0d4161c4adf40fccde4a1391acc3ee716c2d1b0b5a3c19e958065c956
                                                                  • Instruction ID: 734219642d45bd0e05d1114db71a80362b33574f91a2cf9e5e202b94b8d6b355
                                                                  • Opcode Fuzzy Hash: 9452d4f0d4161c4adf40fccde4a1391acc3ee716c2d1b0b5a3c19e958065c956
                                                                  • Instruction Fuzzy Hash: A190023520180402E51071589804646005A97D0301F55D552B0828558DC65489A2B221
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                  • Instruction ID: 7fd0c5ccda2c613ec535739e8c5bd39a235f5da996e1e9585667b3bc4c3d1214
                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                  • Instruction Fuzzy Hash:
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  Strings
                                                                  • ExecuteOptions, xrefs: 010546A0
                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01054655
                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01054725
                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01054787
                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010546FC
                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01054742
                                                                  • Execute=1, xrefs: 01054713
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                  • API String ID: 0-484625025
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-$0$0
                                                                  • API String ID: 1302938615-699404926
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$[$]:%u
                                                                  • API String ID: 48624451-2819853543
                                                                  Strings
                                                                  • RTL: Re-Waiting, xrefs: 0105031E
                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010502BD
                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010502E7
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                  • API String ID: 0-2474120054
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 01057B8E
                                                                  • RTL: Re-Waiting, xrefs: 01057BAC
                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01057B7F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 0-871070163
                                                                  APIs
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0105728C
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 010572A3
                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01057294
                                                                  • RTL: Re-Waiting, xrefs: 010572C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 885266447-605551621
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$]:%u
                                                                  • API String ID: 48624451-3050659472
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-
                                                                  • API String ID: 1302938615-2137968064
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.2218511427.0000000000FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_fb0000_3FG4bsfkEwmxFYY.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $$@
                                                                  • API String ID: 0-1194432280