Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO_62401394_MITech_20250601.exe

Overview

General Information

Sample name:PO_62401394_MITech_20250601.exe
Analysis ID:1585196
MD5:b01928cd0befa10c1c43b3339e03bd8d
SHA1:4ad60b0dc750db8e158eeb6c020638f476c3298a
SHA256:fb2a72faafc798d6d34f0a05f3603a36a66b684967e325051c8913ef0e118fa0
Infos:

Detection

FormBook
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w11x64_office
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.PO_62401394_MITech_20250601.exe.d70000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: PO_62401394_MITech_20250601.exeAvira: detected
        Multi AV Scanner detection for submitted file
        Source: PO_62401394_MITech_20250601.exeVirustotal: Detection: 63%Perma Link
        Source: PO_62401394_MITech_20250601.exeReversingLabs: Detection: 68%
        Yara detected FormBook
        Source: Yara matchFile source: 1.2.PO_62401394_MITech_20250601.exe.d70000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: PO_62401394_MITech_20250601.exeJoe Sandbox ML: detected
        Source: PO_62401394_MITech_20250601.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: PO_62401394_MITech_20250601.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: PO_62401394_MITech_20250601.exe, 00000001.00000003.12030934908.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.00000000010B6000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000003.12024939207.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PO_62401394_MITech_20250601.exe, PO_62401394_MITech_20250601.exe, 00000001.00000003.12030934908.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.00000000010B6000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000003.12024939207.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficDNS traffic detected: DNS query: tse1.mm.bing.net

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 1.2.PO_62401394_MITech_20250601.exe.d70000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        System Summary

        barindex
        Initial sample is a PE file and has a suspicious name
        Source: initial sampleStatic PE information: Filename: PO_62401394_MITech_20250601.exe
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D9CB43 NtClose,1_2_00D9CB43
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6C90 NtClose,LdrInitializeThunk,1_2_00FF6C90
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6DA0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00FF6DA0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6F20 NtQuerySystemInformation,LdrInitializeThunk,1_2_00FF6F20
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7740 NtCreateMutant,LdrInitializeThunk,1_2_00FF7740
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF8540 NtSetContextThread,1_2_00FF8540
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF8880 NtSuspendThread,1_2_00FF8880
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6BE0 NtWaitForSingleObject,1_2_00FF6BE0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6CD0 NtEnumerateValueKey,1_2_00FF6CD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6CB0 NtQueryInformationFile,1_2_00FF6CB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6C20 NtWriteFile,1_2_00FF6C20
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6C00 NtReadFile,1_2_00FF6C00
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6DF0 NtQueryVirtualMemory,1_2_00FF6DF0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6DD0 NtQueryInformationToken,1_2_00FF6DD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6D90 NtCreateKey,1_2_00FF6D90
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6D30 NtQueryInformationProcess,1_2_00FF6D30
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6D20 NtAllocateVirtualMemory,1_2_00FF6D20
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6D10 NtQueryValueKey,1_2_00FF6D10
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6EE0 NtEnumerateKey,1_2_00FF6EE0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6E60 NtUnmapViewOfSection,1_2_00FF6E60
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6E40 NtMapViewOfSection,1_2_00FF6E40
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6E30 NtSetInformationFile,1_2_00FF6E30
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6E20 NtOpenProcess,1_2_00FF6E20
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6FD0 NtAdjustPrivilegesToken,1_2_00FF6FD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6FB0 NtReadVirtualMemory,1_2_00FF6FB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6F60 NtWriteVirtualMemory,1_2_00FF6F60
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF6F00 NtDelayExecution,1_2_00FF6F00
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF70E0 NtResumeThread,1_2_00FF70E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF70D0 NtQuerySection,1_2_00FF70D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF70C0 NtProtectVirtualMemory,1_2_00FF70C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7090 NtCreateProcessEx,1_2_00FF7090
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7060 NtCreateSection,1_2_00FF7060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7010 NtQueueApcThread,1_2_00FF7010
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF71C0 NtSetValueKey,1_2_00FF71C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7140 NtOpenDirectoryObject,1_2_00FF7140
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7110 NtCreateFile,1_2_00FF7110
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7B50 NtGetContextThread,1_2_00FF7B50
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7ED0 NtOpenProcessToken,1_2_00FF7ED0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF7F30 NtOpenThread,1_2_00FF7F30
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D71B911_2_00D71B91
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D728C01_2_00D728C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D728BC1_2_00D728BC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D710001_2_00D71000
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D9F1631_2_00D9F163
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D732101_2_00D73210
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D732051_2_00D73205
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D803131_2_00D80313
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D7E5131_2_00D7E513
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D7E5121_2_00D7E512
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D86D131_2_00D86D13
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D86D0E1_2_00D86D0E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D805331_2_00D80533
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D7E6571_2_00D7E657
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D7467A1_2_00D7467A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D7E6631_2_00D7E663
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010781481_2_01078148
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108219B1_2_0108219B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDC1801_2_00FDC180
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010640D51_2_010640D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010143331_2_01014333
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C01_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100A3601_2_0100A360
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010103671_2_01010367
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010683E91_2_010683E9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010562101_2_01056210
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010022301_2_01002230
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010342301_2_01034230
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010845061_2_01084506
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010785091_2_01078509
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010865A91_2_010865A9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104E41D1_2_0104E41D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE5601_2_00FEE560
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010464B01_2_010464B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D01_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF65201_2_00FF6520
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010604EE1_2_010604EE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA6F01_2_00FDA6F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107475C1_2_0107475C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010127EA1_2_010127EA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010189CC1_2_010189CC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC88101_2_00FC8810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010168131_2_01016813
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0109284D1_2_0109284D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB89901_2_00FB8990
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108688C1_2_0108688C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD29601_2_00FD2960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107E8F11_2_0107E8F1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01012B0E1_2_01012B0E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01014B1F1_2_01014B1F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B251_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078BC31_2_01078BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE2C391_2_00FE2C39
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE8C301_2_00FE8C30
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107EDD51_2_0107EDD5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01086C1B1_2_01086C1B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FACD681_2_00FACD68
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC8D601_2_00FC8D60
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD0D501_2_00FD0D50
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCAE901_2_00FCAE90
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE2E601_2_00FE2E60
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01086FDA1_2_01086FDA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF2F851_2_00FF2F85
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106AEE01_2_0106AEE0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103AEF01_2_0103AEF0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE10F01_2_00FE10F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107F13D1_2_0107F13D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0101714A1_2_0101714A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010451601_2_01045160
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD705C1_2_00FD705C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010051B01_2_010051B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010751E51_2_010751E5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010930101_2_01093010
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010170A21_2_010170A2
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD51201_2_00FD5120
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010633051_2_01063305
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD72801_2_00FD7280
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010873F51_2_010873F5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF93D41_2_00FF93D4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107B2581_2_0107B258
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010792BB1_2_010792BB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE13001_2_00FE1300
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010735481_2_01073548
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010875A11_2_010875A1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107F5C21_2_0107F5C2
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010675CE1_2_010675CE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBB5131_2_00FBB513
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDB5101_2_00FDB510
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA95001_2_00FA9500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDD6B81_2_00FDD6B8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC56B01_2_00FC56B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAF7801_2_00FAF780
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAB7571_2_00FAB757
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD37531_2_00FD3753
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD77301_2_00FD7730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB57001_2_00FB5700
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB18CB1_2_00FB18CB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108199F1_2_0108199F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCD8001_2_00FCD800
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD19F01_2_00FD19F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD799E1_2_00FD799E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD39801_2_00FD3980
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010138871_2_01013887
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010698D01_2_010698D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01015B421_2_01015B42
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCBA901_2_00FCBA90
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01063BCC1_2_01063BCC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100FA891_2_0100FA89
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104FAD71_2_0104FAD7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01065D5F1_2_01065D5F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01075DBB1_2_01075DBB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01067C0C1_2_01067C0C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01039C151_2_01039C15
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01013C4D1_2_01013C4D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103FC9F1_2_0103FC9F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107DFB31_2_0107DFB3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105BE301_2_0105BE30
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01087E721_2_01087E72
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE1F801_2_00FE1F80
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FABF411_2_00FABF41
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: String function: 0100CDE9 appears 95 times
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: String function: 01019170 appears 103 times
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: String function: 00FAA830 appears 248 times
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: String function: 01045450 appears 105 times
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: String function: 00FF9390 appears 57 times
        Source: PO_62401394_MITech_20250601.exeStatic PE information: No import functions for PE file found
        Source: PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.0000000001268000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
        Source: PO_62401394_MITech_20250601.exe, 00000001.00000003.12024939207.0000000000BA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
        Source: PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.00000000010B6000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
        Source: PO_62401394_MITech_20250601.exe, 00000001.00000003.12030934908.0000000000EFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_62401394_MITech_20250601.exe
        Source: PO_62401394_MITech_20250601.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: PO_62401394_MITech_20250601.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: classification engineClassification label: mal76.troj.winEXE@1/0@1/0
        Source: PO_62401394_MITech_20250601.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: PO_62401394_MITech_20250601.exeVirustotal: Detection: 63%
        Source: PO_62401394_MITech_20250601.exeReversingLabs: Detection: 68%
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeSection loaded: apphelp.dllJump to behavior
        Source: PO_62401394_MITech_20250601.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: PO_62401394_MITech_20250601.exe, 00000001.00000003.12030934908.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.00000000010B6000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000003.12024939207.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PO_62401394_MITech_20250601.exe, PO_62401394_MITech_20250601.exe, 00000001.00000003.12030934908.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.00000000010B6000.00000040.00001000.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000003.12024939207.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PO_62401394_MITech_20250601.exe, 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D83863 push ss; iretd 1_2_00D83880
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D73490 push eax; ret 1_2_00D73492
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D8E4A4 push cs; retf 1_2_00D8E4AD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D84DC4 pushfd ; retf 1_2_00D84DCE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D8EE21 push FFFFFFADh; ret 1_2_00D8EE23
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D8EFFC push ecx; ret 1_2_00D8EFFD
        Source: PO_62401394_MITech_20250601.exeStatic PE information: section name: .text entropy: 7.995271347901756
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D rdtsc 1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeAPI coverage: 0.7 %
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe TID: 8472Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D rdtsc 1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00D87CA3 LdrLoadDll,1_2_00D87CA3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE0FA mov eax, dword ptr fs:[00000030h]1_2_00FEE0FA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE0FA mov eax, dword ptr fs:[00000030h]1_2_00FEE0FA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C100 mov eax, dword ptr fs:[00000030h]1_2_0108C100
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA0C7 mov eax, dword ptr fs:[00000030h]1_2_00FEA0C7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA0C7 mov ecx, dword ptr fs:[00000030h]1_2_00FEA0C7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA0C7 mov eax, dword ptr fs:[00000030h]1_2_00FEA0C7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA0C7 mov eax, dword ptr fs:[00000030h]1_2_00FEA0C7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBC0B8 mov eax, dword ptr fs:[00000030h]1_2_00FBC0B8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBC0B8 mov eax, dword ptr fs:[00000030h]1_2_00FBC0B8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107614F mov eax, dword ptr fs:[00000030h]1_2_0107614F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078148 mov eax, dword ptr fs:[00000030h]1_2_01078148
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078148 mov eax, dword ptr fs:[00000030h]1_2_01078148
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA609F mov eax, dword ptr fs:[00000030h]1_2_00FA609F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA609F mov eax, dword ptr fs:[00000030h]1_2_00FA609F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA609F mov eax, dword ptr fs:[00000030h]1_2_00FA609F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA607D mov eax, dword ptr fs:[00000030h]1_2_00FA607D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA607D mov eax, dword ptr fs:[00000030h]1_2_00FA607D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA607D mov eax, dword ptr fs:[00000030h]1_2_00FA607D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108219B mov eax, dword ptr fs:[00000030h]1_2_0108219B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE055 mov eax, dword ptr fs:[00000030h]1_2_00FBE055
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010101B0 mov eax, dword ptr fs:[00000030h]1_2_010101B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA049 mov eax, dword ptr fs:[00000030h]1_2_00FAA049
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA049 mov eax, dword ptr fs:[00000030h]1_2_00FAA049
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA049 mov eax, dword ptr fs:[00000030h]1_2_00FAA049
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010721BB mov eax, dword ptr fs:[00000030h]1_2_010721BB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010581DB mov eax, dword ptr fs:[00000030h]1_2_010581DB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010581DB mov eax, dword ptr fs:[00000030h]1_2_010581DB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010581DB mov eax, dword ptr fs:[00000030h]1_2_010581DB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE4020 mov eax, dword ptr fs:[00000030h]1_2_00FE4020
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE016 mov ebx, dword ptr fs:[00000030h]1_2_00FEE016
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE016 mov eax, dword ptr fs:[00000030h]1_2_00FEE016
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01034000 mov eax, dword ptr fs:[00000030h]1_2_01034000
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01034000 mov eax, dword ptr fs:[00000030h]1_2_01034000
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01034000 mov ecx, dword ptr fs:[00000030h]1_2_01034000
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103A000 mov ecx, dword ptr fs:[00000030h]1_2_0103A000
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C010 mov eax, dword ptr fs:[00000030h]1_2_0103C010
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF61B5 mov eax, dword ptr fs:[00000030h]1_2_00FF61B5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF61B5 mov ecx, dword ptr fs:[00000030h]1_2_00FF61B5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01076057 mov eax, dword ptr fs:[00000030h]1_2_01076057
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01072050 mov ecx, dword ptr fs:[00000030h]1_2_01072050
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01044053 mov eax, dword ptr fs:[00000030h]1_2_01044053
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC1A0 mov eax, dword ptr fs:[00000030h]1_2_00FCC1A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A060 mov eax, dword ptr fs:[00000030h]1_2_0105A060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A060 mov eax, dword ptr fs:[00000030h]1_2_0105A060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A060 mov eax, dword ptr fs:[00000030h]1_2_0105A060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A060 mov eax, dword ptr fs:[00000030h]1_2_0105A060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A060 mov eax, dword ptr fs:[00000030h]1_2_0105A060
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE190 mov eax, dword ptr fs:[00000030h]1_2_00FEE190
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE190 mov eax, dword ptr fs:[00000030h]1_2_00FEE190
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF418E mov eax, dword ptr fs:[00000030h]1_2_00FF418E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAE18F mov eax, dword ptr fs:[00000030h]1_2_00FAE18F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDC180 mov ecx, dword ptr fs:[00000030h]1_2_00FDC180
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C0A0 mov eax, dword ptr fs:[00000030h]1_2_0103C0A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD8155 mov eax, dword ptr fs:[00000030h]1_2_00FD8155
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD8155 mov eax, dword ptr fs:[00000030h]1_2_00FD8155
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD8155 mov eax, dword ptr fs:[00000030h]1_2_00FD8155
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD8155 mov eax, dword ptr fs:[00000030h]1_2_00FD8155
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD8155 mov eax, dword ptr fs:[00000030h]1_2_00FD8155
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010460C1 mov eax, dword ptr fs:[00000030h]1_2_010460C1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105E0CF mov edx, dword ptr fs:[00000030h]1_2_0105E0CF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010640D5 mov ecx, dword ptr fs:[00000030h]1_2_010640D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010640D5 mov ecx, dword ptr fs:[00000030h]1_2_010640D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010640D5 mov eax, dword ptr fs:[00000030h]1_2_010640D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100E0D9 mov eax, dword ptr fs:[00000030h]1_2_0100E0D9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100E0D9 mov eax, dword ptr fs:[00000030h]1_2_0100E0D9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010760DC mov eax, dword ptr fs:[00000030h]1_2_010760DC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100E306 mov eax, dword ptr fs:[00000030h]1_2_0100E306
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA2F0 mov esi, dword ptr fs:[00000030h]1_2_00FDA2F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA2F0 mov eax, dword ptr fs:[00000030h]1_2_00FDA2F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA2F0 mov eax, dword ptr fs:[00000030h]1_2_00FDA2F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov ecx, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCA2C0 mov eax, dword ptr fs:[00000030h]1_2_00FCA2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE2C0 mov eax, dword ptr fs:[00000030h]1_2_00FDE2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE2C0 mov eax, dword ptr fs:[00000030h]1_2_00FDE2C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE82B9 mov eax, dword ptr fs:[00000030h]1_2_00FE82B9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB82B6 mov eax, dword ptr fs:[00000030h]1_2_00FB82B6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB82B6 mov eax, dword ptr fs:[00000030h]1_2_00FB82B6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB82B6 mov eax, dword ptr fs:[00000030h]1_2_00FB82B6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE42B0 mov eax, dword ptr fs:[00000030h]1_2_00FE42B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01010367 mov eax, dword ptr fs:[00000030h]1_2_01010367
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01010367 mov eax, dword ptr fs:[00000030h]1_2_01010367
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6283 mov eax, dword ptr fs:[00000030h]1_2_00FA6283
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C380 mov eax, dword ptr fs:[00000030h]1_2_0103C380
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010743A9 mov eax, dword ptr fs:[00000030h]1_2_010743A9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6247 mov eax, dword ptr fs:[00000030h]1_2_00FA6247
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF2227 mov eax, dword ptr fs:[00000030h]1_2_00FF2227
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF2227 mov eax, dword ptr fs:[00000030h]1_2_00FF2227
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC421F mov eax, dword ptr fs:[00000030h]1_2_00FC421F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC421F mov eax, dword ptr fs:[00000030h]1_2_00FC421F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC421F mov eax, dword ptr fs:[00000030h]1_2_00FC421F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010763E1 mov eax, dword ptr fs:[00000030h]1_2_010763E1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA210 mov eax, dword ptr fs:[00000030h]1_2_00FAA210
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010683E9 mov eax, dword ptr fs:[00000030h]1_2_010683E9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010683E9 mov eax, dword ptr fs:[00000030h]1_2_010683E9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010683E9 mov eax, dword ptr fs:[00000030h]1_2_010683E9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103C3F0 mov eax, dword ptr fs:[00000030h]1_2_0103C3F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE200 mov eax, dword ptr fs:[00000030h]1_2_00FDE200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE200 mov eax, dword ptr fs:[00000030h]1_2_00FDE200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C200 mov eax, dword ptr fs:[00000030h]1_2_0104C200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C200 mov eax, dword ptr fs:[00000030h]1_2_0104C200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C200 mov eax, dword ptr fs:[00000030h]1_2_0104C200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C200 mov ecx, dword ptr fs:[00000030h]1_2_0104C200
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF23EF mov eax, dword ptr fs:[00000030h]1_2_00FF23EF
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE83EC mov eax, dword ptr fs:[00000030h]1_2_00FE83EC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE83EC mov eax, dword ptr fs:[00000030h]1_2_00FE83EC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov ecx, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov ecx, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106621E mov eax, dword ptr fs:[00000030h]1_2_0106621E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01060224 mov ecx, dword ptr fs:[00000030h]1_2_01060224
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA83C0 mov eax, dword ptr fs:[00000030h]1_2_00FA83C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA83C0 mov eax, dword ptr fs:[00000030h]1_2_00FA83C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA3C0 mov eax, dword ptr fs:[00000030h]1_2_00FDA3C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA3C0 mov eax, dword ptr fs:[00000030h]1_2_00FDA3C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE3B6 mov eax, dword ptr fs:[00000030h]1_2_00FBE3B6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE3B6 mov eax, dword ptr fs:[00000030h]1_2_00FBE3B6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E259 mov eax, dword ptr fs:[00000030h]1_2_0103E259
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E259 mov ecx, dword ptr fs:[00000030h]1_2_0103E259
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA3A0 mov eax, dword ptr fs:[00000030h]1_2_00FEA3A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEA3A0 mov eax, dword ptr fs:[00000030h]1_2_00FEA3A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF03A0 mov eax, dword ptr fs:[00000030h]1_2_00FF03A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC0370 mov eax, dword ptr fs:[00000030h]1_2_00FC0370
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC0370 mov eax, dword ptr fs:[00000030h]1_2_00FC0370
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF035E mov eax, dword ptr fs:[00000030h]1_2_00FF035E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE634A mov eax, dword ptr fs:[00000030h]1_2_00FE634A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE634A mov eax, dword ptr fs:[00000030h]1_2_00FE634A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA8330 mov ecx, dword ptr fs:[00000030h]1_2_00FA8330
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010762CC mov eax, dword ptr fs:[00000030h]1_2_010762CC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6320 mov eax, dword ptr fs:[00000030h]1_2_00FA6320
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6320 mov eax, dword ptr fs:[00000030h]1_2_00FA6320
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6320 mov ecx, dword ptr fs:[00000030h]1_2_00FA6320
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA310 mov eax, dword ptr fs:[00000030h]1_2_00FBA310
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA310 mov eax, dword ptr fs:[00000030h]1_2_00FBA310
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA310 mov eax, dword ptr fs:[00000030h]1_2_00FBA310
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA310 mov eax, dword ptr fs:[00000030h]1_2_00FBA310
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA308 mov eax, dword ptr fs:[00000030h]1_2_00FAA308
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064500 mov eax, dword ptr fs:[00000030h]1_2_01064500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064500 mov ecx, dword ptr fs:[00000030h]1_2_01064500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064500 mov eax, dword ptr fs:[00000030h]1_2_01064500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064500 mov eax, dword ptr fs:[00000030h]1_2_01064500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064500 mov eax, dword ptr fs:[00000030h]1_2_01064500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078509 mov eax, dword ptr fs:[00000030h]1_2_01078509
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078509 mov eax, dword ptr fs:[00000030h]1_2_01078509
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078509 mov eax, dword ptr fs:[00000030h]1_2_01078509
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078509 mov eax, dword ptr fs:[00000030h]1_2_01078509
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA64E0 mov eax, dword ptr fs:[00000030h]1_2_00FA64E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA64E0 mov ecx, dword ptr fs:[00000030h]1_2_00FA64E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA64E0 mov eax, dword ptr fs:[00000030h]1_2_00FA64E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA64E0 mov eax, dword ptr fs:[00000030h]1_2_00FA64E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB64DE mov eax, dword ptr fs:[00000030h]1_2_00FB64DE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB64DE mov eax, dword ptr fs:[00000030h]1_2_00FB64DE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01076536 mov eax, dword ptr fs:[00000030h]1_2_01076536
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105E540 mov eax, dword ptr fs:[00000030h]1_2_0105E540
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01038544 mov eax, dword ptr fs:[00000030h]1_2_01038544
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01038544 mov ecx, dword ptr fs:[00000030h]1_2_01038544
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01038544 mov ecx, dword ptr fs:[00000030h]1_2_01038544
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA4B0 mov eax, dword ptr fs:[00000030h]1_2_00FBA4B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA4B0 mov eax, dword ptr fs:[00000030h]1_2_00FBA4B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB849A mov eax, dword ptr fs:[00000030h]1_2_00FB849A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106656E mov eax, dword ptr fs:[00000030h]1_2_0106656E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106656E mov eax, dword ptr fs:[00000030h]1_2_0106656E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106656E mov eax, dword ptr fs:[00000030h]1_2_0106656E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074570 mov eax, dword ptr fs:[00000030h]1_2_01074570
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074570 mov ecx, dword ptr fs:[00000030h]1_2_01074570
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01018595 mov eax, dword ptr fs:[00000030h]1_2_01018595
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01018595 mov eax, dword ptr fs:[00000030h]1_2_01018595
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE46C mov eax, dword ptr fs:[00000030h]1_2_00FBE46C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE46C mov eax, dword ptr fs:[00000030h]1_2_00FBE46C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6466 mov eax, dword ptr fs:[00000030h]1_2_00FA6466
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6466 mov ecx, dword ptr fs:[00000030h]1_2_00FA6466
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE463 mov eax, dword ptr fs:[00000030h]1_2_00FDE463
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100C5A0 mov eax, dword ptr fs:[00000030h]1_2_0100C5A0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB8450 mov eax, dword ptr fs:[00000030h]1_2_00FB8450
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010765BB mov eax, dword ptr fs:[00000030h]1_2_010765BB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104A5C4 mov eax, dword ptr fs:[00000030h]1_2_0104A5C4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104A5C4 mov eax, dword ptr fs:[00000030h]1_2_0104A5C4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104A5C4 mov ecx, dword ptr fs:[00000030h]1_2_0104A5C4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104A5C4 mov eax, dword ptr fs:[00000030h]1_2_0104A5C4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104A5C4 mov eax, dword ptr fs:[00000030h]1_2_0104A5C4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010405C0 mov eax, dword ptr fs:[00000030h]1_2_010405C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF040B mov eax, dword ptr fs:[00000030h]1_2_00FF040B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF040B mov eax, dword ptr fs:[00000030h]1_2_00FF040B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF040B mov eax, dword ptr fs:[00000030h]1_2_00FF040B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010425F0 mov ecx, dword ptr fs:[00000030h]1_2_010425F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE6405 mov eax, dword ptr fs:[00000030h]1_2_00FE6405
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE6405 mov eax, dword ptr fs:[00000030h]1_2_00FE6405
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEE400 mov eax, dword ptr fs:[00000030h]1_2_00FEE400
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104E41D mov eax, dword ptr fs:[00000030h]1_2_0104E41D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC5E0 mov eax, dword ptr fs:[00000030h]1_2_00FCC5E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC5E0 mov eax, dword ptr fs:[00000030h]1_2_00FCC5E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA5D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA5D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA5D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA5D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA5D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA5D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA5D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA5D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA5D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA5D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA5C1 mov eax, dword ptr fs:[00000030h]1_2_00FBA5C1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAC5BE mov eax, dword ptr fs:[00000030h]1_2_00FAC5BE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FCC5B9 mov eax, dword ptr fs:[00000030h]1_2_00FCC5B9
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107644E mov eax, dword ptr fs:[00000030h]1_2_0107644E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01034461 mov eax, dword ptr fs:[00000030h]1_2_01034461
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074460 mov eax, dword ptr fs:[00000030h]1_2_01074460
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074460 mov eax, dword ptr fs:[00000030h]1_2_01074460
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF258A mov eax, dword ptr fs:[00000030h]1_2_00FF258A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF258A mov eax, dword ptr fs:[00000030h]1_2_00FF258A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6581 mov eax, dword ptr fs:[00000030h]1_2_00FA6581
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6581 mov eax, dword ptr fs:[00000030h]1_2_00FA6581
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6581 mov eax, dword ptr fs:[00000030h]1_2_00FA6581
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6581 mov eax, dword ptr fs:[00000030h]1_2_00FA6581
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA6581 mov eax, dword ptr fs:[00000030h]1_2_00FA6581
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF0570 mov eax, dword ptr fs:[00000030h]1_2_00FF0570
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C490 mov eax, dword ptr fs:[00000030h]1_2_0104C490
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A490 mov eax, dword ptr fs:[00000030h]1_2_0105A490
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A490 mov eax, dword ptr fs:[00000030h]1_2_0105A490
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106C490 mov eax, dword ptr fs:[00000030h]1_2_0106C490
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106C490 mov ecx, dword ptr fs:[00000030h]1_2_0106C490
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE8560 mov eax, dword ptr fs:[00000030h]1_2_00FE8560
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF254B mov eax, dword ptr fs:[00000030h]1_2_00FF254B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010764B0 mov eax, dword ptr fs:[00000030h]1_2_010764B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB6529 mov eax, dword ptr fs:[00000030h]1_2_00FB6529
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010584D0 mov eax, dword ptr fs:[00000030h]1_2_010584D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010604EE mov ecx, dword ptr fs:[00000030h]1_2_010604EE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010604EE mov eax, dword ptr fs:[00000030h]1_2_010604EE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010604EE mov eax, dword ptr fs:[00000030h]1_2_010604EE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010604EE mov eax, dword ptr fs:[00000030h]1_2_010604EE
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106C4F3 mov eax, dword ptr fs:[00000030h]1_2_0106C4F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106C4F3 mov eax, dword ptr fs:[00000030h]1_2_0106C4F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0106C4F3 mov eax, dword ptr fs:[00000030h]1_2_0106C4F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6500 mov eax, dword ptr fs:[00000030h]1_2_00FD6500
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB86F0 mov ebx, dword ptr fs:[00000030h]1_2_00FB86F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov eax, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov ecx, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov eax, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov eax, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov eax, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C710 mov eax, dword ptr fs:[00000030h]1_2_0104C710
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01076746 mov eax, dword ptr fs:[00000030h]1_2_01076746
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE86B0 mov ecx, dword ptr fs:[00000030h]1_2_00FE86B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov ecx, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov ecx, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov ecx, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov eax, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01064764 mov ecx, dword ptr fs:[00000030h]1_2_01064764
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF466B mov eax, dword ptr fs:[00000030h]1_2_00FF466B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF466B mov eax, dword ptr fs:[00000030h]1_2_00FF466B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010807BD mov eax, dword ptr fs:[00000030h]1_2_010807BD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010807BD mov eax, dword ptr fs:[00000030h]1_2_010807BD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010807BD mov eax, dword ptr fs:[00000030h]1_2_010807BD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010807BD mov eax, dword ptr fs:[00000030h]1_2_010807BD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010767D1 mov eax, dword ptr fs:[00000030h]1_2_010767D1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA617 mov eax, dword ptr fs:[00000030h]1_2_00FAA617
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA617 mov eax, dword ptr fs:[00000030h]1_2_00FAA617
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA617 mov eax, dword ptr fs:[00000030h]1_2_00FAA617
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA617 mov eax, dword ptr fs:[00000030h]1_2_00FAA617
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA7D0 mov eax, dword ptr fs:[00000030h]1_2_00FDA7D0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103862D mov eax, dword ptr fs:[00000030h]1_2_0103862D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103862D mov ecx, dword ptr fs:[00000030h]1_2_0103862D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01076630 mov eax, dword ptr fs:[00000030h]1_2_01076630
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF67A5 mov eax, dword ptr fs:[00000030h]1_2_00FF67A5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01072665 mov eax, dword ptr fs:[00000030h]1_2_01072665
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01072665 mov ecx, dword ptr fs:[00000030h]1_2_01072665
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01072665 mov eax, dword ptr fs:[00000030h]1_2_01072665
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE878A mov eax, dword ptr fs:[00000030h]1_2_00FE878A
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A680 mov eax, dword ptr fs:[00000030h]1_2_0105A680
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A680 mov eax, dword ptr fs:[00000030h]1_2_0105A680
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA758 mov eax, dword ptr fs:[00000030h]1_2_00FBA758
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA758 mov eax, dword ptr fs:[00000030h]1_2_00FBA758
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA758 mov eax, dword ptr fs:[00000030h]1_2_00FBA758
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAC75D mov eax, dword ptr fs:[00000030h]1_2_00FAC75D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE750 mov eax, dword ptr fs:[00000030h]1_2_00FBE750
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE750 mov eax, dword ptr fs:[00000030h]1_2_00FBE750
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE750 mov eax, dword ptr fs:[00000030h]1_2_00FBE750
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE74C mov eax, dword ptr fs:[00000030h]1_2_00FDE74C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010766BB mov eax, dword ptr fs:[00000030h]1_2_010766BB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB4745 mov eax, dword ptr fs:[00000030h]1_2_00FB4745
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C6C0 mov eax, dword ptr fs:[00000030h]1_2_0108C6C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC4730 mov eax, dword ptr fs:[00000030h]1_2_00FC4730
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103A6D8 mov eax, dword ptr fs:[00000030h]1_2_0103A6D8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDE705 mov eax, dword ptr fs:[00000030h]1_2_00FDE705
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE28F0 mov eax, dword ptr fs:[00000030h]1_2_00FE28F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE28F0 mov eax, dword ptr fs:[00000030h]1_2_00FE28F0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF68EA mov eax, dword ptr fs:[00000030h]1_2_00FF68EA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF68EA mov eax, dword ptr fs:[00000030h]1_2_00FF68EA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100C917 mov eax, dword ptr fs:[00000030h]1_2_0100C917
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100C917 mov eax, dword ptr fs:[00000030h]1_2_0100C917
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0100C917 mov eax, dword ptr fs:[00000030h]1_2_0100C917
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA8E0 mov eax, dword ptr fs:[00000030h]1_2_00FAA8E0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA8DB mov ecx, dword ptr fs:[00000030h]1_2_00FDA8DB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E936 mov eax, dword ptr fs:[00000030h]1_2_0103E936
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104493E mov eax, dword ptr fs:[00000030h]1_2_0104493E
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC08C0 mov eax, dword ptr fs:[00000030h]1_2_00FC08C0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107694F mov eax, dword ptr fs:[00000030h]1_2_0107694F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE08B0 mov eax, dword ptr fs:[00000030h]1_2_00FE08B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE08B0 mov eax, dword ptr fs:[00000030h]1_2_00FE08B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE08B0 mov eax, dword ptr fs:[00000030h]1_2_00FE08B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE08B0 mov eax, dword ptr fs:[00000030h]1_2_00FE08B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105E950 mov ecx, dword ptr fs:[00000030h]1_2_0105E950
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBA8A6 mov eax, dword ptr fs:[00000030h]1_2_00FBA8A6
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0104C970 mov eax, dword ptr fs:[00000030h]1_2_0104C970
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103697F mov eax, dword ptr fs:[00000030h]1_2_0103697F
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01070980 mov eax, dword ptr fs:[00000030h]1_2_01070980
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01070980 mov eax, dword ptr fs:[00000030h]1_2_01070980
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB486D mov eax, dword ptr fs:[00000030h]1_2_00FB486D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA857 mov eax, dword ptr fs:[00000030h]1_2_00FAA857
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA857 mov eax, dword ptr fs:[00000030h]1_2_00FAA857
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010429AA mov eax, dword ptr fs:[00000030h]1_2_010429AA
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB6849 mov eax, dword ptr fs:[00000030h]1_2_00FB6849
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB6849 mov eax, dword ptr fs:[00000030h]1_2_00FB6849
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010769B1 mov eax, dword ptr fs:[00000030h]1_2_010769B1
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108A9CC mov eax, dword ptr fs:[00000030h]1_2_0108A9CC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108A9CC mov eax, dword ptr fs:[00000030h]1_2_0108A9CC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E9C5 mov esi, dword ptr fs:[00000030h]1_2_0103E9C5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E9C5 mov eax, dword ptr fs:[00000030h]1_2_0103E9C5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0103E9C5 mov eax, dword ptr fs:[00000030h]1_2_0103E9C5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010189CC mov eax, dword ptr fs:[00000030h]1_2_010189CC
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010449D5 mov eax, dword ptr fs:[00000030h]1_2_010449D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010449D5 mov eax, dword ptr fs:[00000030h]1_2_010449D5
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE810 mov eax, dword ptr fs:[00000030h]1_2_00FBE810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE810 mov eax, dword ptr fs:[00000030h]1_2_00FBE810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBE810 mov eax, dword ptr fs:[00000030h]1_2_00FBE810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC8810 mov eax, dword ptr fs:[00000030h]1_2_00FC8810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC8810 mov eax, dword ptr fs:[00000030h]1_2_00FC8810
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108C9F3 mov eax, dword ptr fs:[00000030h]1_2_0108C9F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB49FD mov ecx, dword ptr fs:[00000030h]1_2_00FB49FD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FAA9B0 mov eax, dword ptr fs:[00000030h]1_2_00FAA9B0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF09A7 mov ecx, dword ptr fs:[00000030h]1_2_00FF09A7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF09A7 mov eax, dword ptr fs:[00000030h]1_2_00FF09A7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF09A7 mov eax, dword ptr fs:[00000030h]1_2_00FF09A7
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0107685C mov eax, dword ptr fs:[00000030h]1_2_0107685C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE699D mov eax, dword ptr fs:[00000030h]1_2_00FE699D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01018887 mov eax, dword ptr fs:[00000030h]1_2_01018887
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01018887 mov eax, dword ptr fs:[00000030h]1_2_01018887
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A895 mov eax, dword ptr fs:[00000030h]1_2_0105A895
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD2960 mov eax, dword ptr fs:[00000030h]1_2_00FD2960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FDA960 mov eax, dword ptr fs:[00000030h]1_2_00FDA960
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010448B4 mov eax, dword ptr fs:[00000030h]1_2_010448B4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB4943 mov eax, dword ptr fs:[00000030h]1_2_00FB4943
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA891C mov eax, dword ptr fs:[00000030h]1_2_00FA891C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA891C mov eax, dword ptr fs:[00000030h]1_2_00FA891C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA891C mov ecx, dword ptr fs:[00000030h]1_2_00FA891C
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010768ED mov eax, dword ptr fs:[00000030h]1_2_010768ED
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010848F8 mov eax, dword ptr fs:[00000030h]1_2_010848F8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_010848F8 mov eax, dword ptr fs:[00000030h]1_2_010848F8
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBC909 mov eax, dword ptr fs:[00000030h]1_2_00FBC909
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A8F3 mov eax, dword ptr fs:[00000030h]1_2_0105A8F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0105A8F3 mov eax, dword ptr fs:[00000030h]1_2_0105A8F3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF2908 mov eax, dword ptr fs:[00000030h]1_2_00FF2908
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF2908 mov eax, dword ptr fs:[00000030h]1_2_00FF2908
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01070B05 mov eax, dword ptr fs:[00000030h]1_2_01070B05
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01070B05 mov eax, dword ptr fs:[00000030h]1_2_01070B05
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074B08 mov eax, dword ptr fs:[00000030h]1_2_01074B08
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC0AED mov eax, dword ptr fs:[00000030h]1_2_00FC0AED
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01066B25 mov eax, dword ptr fs:[00000030h]1_2_01066B25
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01042B28 mov eax, dword ptr fs:[00000030h]1_2_01042B28
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD6AD0 mov eax, dword ptr fs:[00000030h]1_2_00FD6AD0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE0AC0 mov eax, dword ptr fs:[00000030h]1_2_00FE0AC0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE0AC0 mov eax, dword ptr fs:[00000030h]1_2_00FE0AC0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE0AC0 mov eax, dword ptr fs:[00000030h]1_2_00FE0AC0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE0AC0 mov eax, dword ptr fs:[00000030h]1_2_00FE0AC0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov eax, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov ecx, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov eax, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov eax, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov eax, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FD4AB0 mov eax, dword ptr fs:[00000030h]1_2_00FD4AB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01044B50 mov eax, dword ptr fs:[00000030h]1_2_01044B50
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074B78 mov eax, dword ptr fs:[00000030h]1_2_01074B78
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FC6A70 mov ecx, dword ptr fs:[00000030h]1_2_00FC6A70
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE6A6B mov eax, dword ptr fs:[00000030h]1_2_00FE6A6B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE6A6B mov ecx, dword ptr fs:[00000030h]1_2_00FE6A6B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE6A6B mov eax, dword ptr fs:[00000030h]1_2_00FE6A6B
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB6A63 mov eax, dword ptr fs:[00000030h]1_2_00FB6A63
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB6A63 mov eax, dword ptr fs:[00000030h]1_2_00FB6A63
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FB4A60 mov eax, dword ptr fs:[00000030h]1_2_00FB4A60
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FBCA53 mov eax, dword ptr fs:[00000030h]1_2_00FBCA53
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01038BB0 mov eax, dword ptr fs:[00000030h]1_2_01038BB0
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEEA40 mov eax, dword ptr fs:[00000030h]1_2_00FEEA40
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FEEA40 mov eax, dword ptr fs:[00000030h]1_2_00FEEA40
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078BC3 mov eax, dword ptr fs:[00000030h]1_2_01078BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078BC3 mov eax, dword ptr fs:[00000030h]1_2_01078BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078BC3 mov eax, dword ptr fs:[00000030h]1_2_01078BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01078BC3 mov eax, dword ptr fs:[00000030h]1_2_01078BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01042BC3 mov eax, dword ptr fs:[00000030h]1_2_01042BC3
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_0108CBDB mov eax, dword ptr fs:[00000030h]1_2_0108CBDB
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FECA20 mov ecx, dword ptr fs:[00000030h]1_2_00FECA20
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FA4A12 mov eax, dword ptr fs:[00000030h]1_2_00FA4A12
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FF4A0D mov eax, dword ptr fs:[00000030h]1_2_00FF4A0D
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01036BF4 mov eax, dword ptr fs:[00000030h]1_2_01036BF4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01036BF4 mov eax, dword ptr fs:[00000030h]1_2_01036BF4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01036BF4 mov eax, dword ptr fs:[00000030h]1_2_01036BF4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01036BF4 mov eax, dword ptr fs:[00000030h]1_2_01036BF4
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01074BFD mov eax, dword ptr fs:[00000030h]1_2_01074BFD
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_00FE0A02 mov eax, dword ptr fs:[00000030h]1_2_00FE0A02
        Source: C:\Users\user\Desktop\PO_62401394_MITech_20250601.exeCode function: 1_2_01076A13 mov eax, dword ptr fs:[00000030h]1_2_01076A13
        Source: PO_62401394_MITech_20250601.exeBinary or memory string: msmpeng.exe

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 1.2.PO_62401394_MITech_20250601.exe.d70000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 1.2.PO_62401394_MITech_20250601.exe.d70000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        DLL Side-Loading        		2
        Virtualization/Sandbox Evasion        		OS Credential Dumping3
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Deobfuscate/Decode Files or Information        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        DLL Side-Loading        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        PO_62401394_MITech_20250601.exe64%VirustotalBrowse
        PO_62401394_MITech_20250601.exe68%ReversingLabsWin32.Infostealer.Tinba
        PO_62401394_MITech_20250601.exe100%AviraTR/Crypt.XPACK.Gen
        PO_62401394_MITech_20250601.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        ax-0001.ax-msedge.net
        		150.171.27.10
        		truefalse
          		high
          fp2e7a.wpc.phicdn.net
          		192.229.221.95
          		truefalse
            		high
            tse1.mm.bing.net
            		unknown
            		unknownfalse
              		high

              World Map of Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1585196
              Start date and time:2025-01-07 10:01:12 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 1s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
              Run name:Potential for more IOCs and behavior
              Number of analysed new started processes analysed:24
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:PO_62401394_MITech_20250601.exe
              Detection:MAL
              Classification:mal76.troj.winEXE@1/0@1/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 92%
              • Number of executed functions: 11
              • Number of non-executed functions: 334
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Stop behavior analysis, all processes terminated

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe
              • Excluded IPs from analysis (whitelisted): 23.56.254.164, 204.79.197.203, 2.23.227.205, 2.23.227.208, 2.23.227.202, 2.23.227.221, 2.23.227.215, 40.113.110.67, 40.126.31.69, 20.190.159.73, 40.126.31.73, 20.190.159.23, 20.190.159.2, 20.190.159.68, 20.190.159.75, 20.190.159.64, 23.44.201.22, 20.109.210.53, 20.199.58.43
              • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, slscr.update.microsoft.com, oneocsp-microsoft-com.a-0003.a-msedge.net, oneocsp.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.trafficmanager.net, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, www.bing.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, fd.api.iris.microsoft.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, x1.c.lencr.org, mm-mm.bing.net.trafficmanager.net, res.public.onecdn.static.microsoft, www.tm.lg.prod.aadmsa.trafficmanager.net
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing disassembly code.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              04:02:40API Interceptor3x Sleep call for process: PO_62401394_MITech_20250601.exe modified

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              ax-0001.ax-msedge.nethttps://www.figma.com/design/Sw6t5vElBVmnrFNiteka8B/Untitled-(Copy)?node-id=0-1&p=f&t=x9aFU3FgLH1rkKBK-0Get hashmaliciousUnknownBrowse
              • 150.171.27.10
              https://czfc104.na1.hubspotlinks.com/Ctc/RI+113/cZFc104/VVpBhY3Y-LTWW3Cvl9B8hKRPtVVm64t5qdmRWN1f4_WP7mt9FW50l5tj6lZ3lNW8SvDYK4v65T-W5VNxKh8dLcmKW1GlXcL834zD3W5w7v_71CDbKVV4Dsjr5FnQ2PVSHlbR3pc5MwW72kzKm6WrbY7W6NJh0_7GRxDMW2K2WDT2ZPr4xW3b_gtn2bnp5xW7Hn0F58SN9mqN4_D9_QrtgD8VBy-hV2j1qrbW3N54fh8gXkqCW6JcyP11p5DmRW6d2nj72MkQXgW6hgqJx7Gc_ycW5DT-Pm451FQhW4Tph0s8GNtc-W58sq8G9dpW27W5S3wzf7rNLv_Vn6h606T2B8YN4yb6VRDg_G5W36Gvt_2lnk9qW2LykX37R4KRSW1F2tHT3jrLyjW7hSkG572MN4TW75KrBz5T-zFkVLJYW27hKs9nW3h3Pmh907wxLW2Zzdnn98hQC7W2Qnk7D31ZBJjW83tNvQ2nNht5W1HJvHm95P722W55gfDx9lT1vDW1ykGr_219m_RW5ff63S7MhCcQW4_QfK_5TQdprVlF4dm2DH-ctW6mF-BW36YwwNW99r61n6mmMhVW2v1J7Q5mVXz2W53lcRT6L4fsVN8gyZcXY0MfLW2kLwLd1TYk1wW7MzDQt4QNh6nW1bMMpS84VG-SW6F_Tym5bK06Qf6rQzB604Get hashmaliciousUnknownBrowse
              • 150.171.28.10
              https://www.earthsatellitemaps.co/esmrel/landing.php?uid=0&lid=0&sid=531485973&sid2=1361197931118060&sid3=&sid4=google%20maps%20pro&sid5=&sid6=&sid7=&sid8=&rid=&_agid=0&aid=0&r=657&_agid=73407&msclkid=8b3e7b2e92fe1f072cfc1c5c7ae3c44dGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              http://boir.orgGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              0DrqlQ4JfZ.exeGet hashmaliciousGhostRatBrowse
              • 150.171.28.10
              https://tr171139818.amoliani.com/c/mm14r39/e-v_xxa-/imz77nt3npsGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              http://img1.wsimg.com/blobby/go/9b6ed793-452c-4f8f-8f80-6847f4d114d7/downloads/71318864754.pdfGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              FW_ Carr & Jeanne Biggerstaff has sent you an ecard.msgGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              SecuredOnedrive.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
              • 150.171.27.10
              installer64v3.2.0.msiGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              fp2e7a.wpc.phicdn.netstartuppp.batGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              amiri.EXEGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              CheerSkullness.exeGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              Insomia.exeGet hashmaliciousLummaCBrowse
              • 192.229.221.95
              Tax_Refund_Claim_2024_Australian_Taxation_Office.jsGet hashmaliciousRemcosBrowse
              • 192.229.221.95
              3lhrJ4X.exeGet hashmaliciousLiteHTTP BotBrowse
              • 192.229.221.95
              Your File Is Ready To Download.exeGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              http://www.klim.comGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              Reparto Trabajo TP4.xlsmGet hashmaliciousUnknownBrowse
              • 192.229.221.95
              EwpsQzeky5.msiGet hashmaliciousUnknownBrowse
              • 192.229.221.95

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              No created / dropped files found

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.962167138824115
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:PO_62401394_MITech_20250601.exe
              File size:298'496 bytes
              MD5:b01928cd0befa10c1c43b3339e03bd8d
              SHA1:4ad60b0dc750db8e158eeb6c020638f476c3298a
              SHA256:fb2a72faafc798d6d34f0a05f3603a36a66b684967e325051c8913ef0e118fa0
              SHA512:fc6835806cdbf60b231680c085a81c9ec766c3aec98b9864525adb2b8d0a62edb83dcefe5e329fa0ae02716986a77921ce7bf13e3d2b698ac9f24b0c37d2c342
              SSDEEP:6144:F8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro+Z:F/dhQJqiOKsPDOZLGeDk3r
              TLSH:8554221A5F26B206C1FD2973355F0B42B671473DBE592B21B4992CA29D90CBF5EC03E1
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...$...............p....@................

              File Icon

              Icon Hash:246d0d17b3315458

              Static PE Info

              General

              Entrypoint:0x401580
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Time Stamp:0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:6
              OS Version Minor:0
              File Version Major:6
              File Version Minor:0
              Subsystem Version Major:6
              Subsystem Version Minor:0
              Import Hash:

              Entrypoint Preview

              Instruction
              push ebp
              push esp
              pop ebp
              sub esp, 00000424h
              push ebx
              push esi
              push edi
              push 0000040Ch
              lea eax, dword ptr [ebp-00000420h]
              push 00000000h
              push eax
              mov dword ptr [ebp-00000424h], 00000000h
              call 00007F3EB50E5E2Ch
              add esp, 0Ch
              sub ecx, ecx
              sub edi, edi
              sub esi, esi
              mov dword ptr [ebp-14h], 00000054h
              mov dword ptr [ebp-10h], 00003B15h
              mov dword ptr [ebp-0Ch], 00001B0Dh
              mov dword ptr [ebp-08h], 00004BD2h
              nop
              nop
              inc ecx
              push ecx
              pop eax
              and eax, 80000007h
              jns 00007F3EB50E4237h
              dec eax
              or eax, FFFFFFF8h
              inc eax
              jne 00007F3EB50E4234h
              add ecx, ecx
              cmp ecx, 00000CB4h
              jl 00007F3EB50E4217h
              mov ecx, 00006ACDh
              mov eax, 92492493h
              imul ecx
              add edx, ecx
              sar edx, 05h
              push edx
              pop ecx
              shr ecx, 1Fh
              add ecx, edx
              jne 00007F3EB50E421Dh
              mov eax, 00001819h
              nop
              push 0000001Bh
              nop
              pop edx
              mov ecx, 000000C2h
              cmp ecx, edx
              cmovl ecx, edx
              dec eax
              jne 00007F3EB50E422Ah
              mov ecx, 00001F5Ah
              mov eax, 82082083h
              imul ecx
              add edx, ecx
              sar edx, 06h
              push edx
              pop ecx
              shr ecx, 1Fh
              add ecx, edx
              jne 00007F3EB50E421Dh
              call 00007F3EB50E608Ah
              mov dword ptr [ebp-5Ch], eax
              mov edi, edi
              inc edi
              mov eax, 55555556h
              imul edi

              Rich Headers

              Programming Language:
              • [C++] VS2012 build 50727
              • [ASM] VS2012 build 50727
              • [LNK] VS2012 build 50727

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x470000x2358.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x10000x456940x45800f420239267b39e40092fd0df5f1700e0False0.9885622751798561data7.995271347901756IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0x470000x23580x24003f5572a8563784d4bacd9fd5cb4b3964False0.9434678819444444data7.754725785414912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_ICON0x470b40x228dPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9710570944036179
              RT_GROUP_ICON0x493440x14data1.05

              Network Behavior

              Network Port Distribution

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Jan 7, 2025 10:02:02.021040916 CET6137253192.168.2.241.1.1.1

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Jan 7, 2025 10:02:02.021040916 CET192.168.2.241.1.1.10x6d39Standard query (0)tse1.mm.bing.netA (IP address)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Jan 7, 2025 10:02:00.072088957 CET1.1.1.1192.168.2.240x54b3No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
              Jan 7, 2025 10:02:00.072088957 CET1.1.1.1192.168.2.240x54b3No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
              Jan 7, 2025 10:02:02.028309107 CET1.1.1.1192.168.2.240x6d39No error (0)tse1.mm.bing.netmm-mm.bing.net.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
              Jan 7, 2025 10:02:02.028309107 CET1.1.1.1192.168.2.240x6d39No error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false
              Jan 7, 2025 10:02:02.028309107 CET1.1.1.1192.168.2.240x6d39No error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              System Behavior

              General

              Target ID:1
              Start time:04:02:03
              Start date:07/01/2025
              Path:C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\PO_62401394_MITech_20250601.exe"
              Imagebase:0xd70000
              File size:298'496 bytes
              MD5 hash:B01928CD0BEFA10C1C43B3339E03BD8D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.12108417160.0000000000D00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:0.8%
                Dynamic/Decrypted Code Coverage:6.2%
                Signature Coverage:11.5%
                Total number of Nodes:96
                Total number of Limit Nodes:9
                execution_graph 92926 d94e13 92927 d94e2f 92926->92927 92928 d94e6b 92927->92928 92929 d94e57 92927->92929 92936 d9cb43 92928->92936 92930 d9cb43 NtClose 92929->92930 92932 d94e60 92930->92932 92933 d94e74 92939 d9ed23 RtlAllocateHeap 92933->92939 92935 d94e7f 92937 d9cb60 92936->92937 92938 d9cb71 NtClose 92937->92938 92938->92933 92939->92935 92940 d9c143 92941 d9c15d 92940->92941 92944 ff6f20 LdrInitializeThunk 92941->92944 92942 d9c185 92944->92942 92945 d9fd03 92948 d9ec03 92945->92948 92951 d9ceb3 92948->92951 92950 d9ec1c 92952 d9cecd 92951->92952 92953 d9cede RtlFreeHeap 92952->92953 92953->92950 92961 d951a3 92962 d951bc 92961->92962 92963 d95204 92962->92963 92966 d95247 92962->92966 92968 d9524c 92962->92968 92964 d9ec03 RtlFreeHeap 92963->92964 92965 d95214 92964->92965 92967 d9ec03 RtlFreeHeap 92966->92967 92967->92968 92969 d9fca3 92970 d9fcb9 92969->92970 92971 d9fcb3 92969->92971 92974 d9ece3 92970->92974 92973 d9fcdf 92977 d9ce63 92974->92977 92976 d9ecfe 92976->92973 92978 d9ce80 92977->92978 92979 d9ce91 RtlAllocateHeap 92978->92979 92979->92976 92954 d84173 92958 d84193 92954->92958 92956 d841f2 92957 d841fc 92958->92957 92959 d8b8e3 RtlFreeHeap LdrInitializeThunk 92958->92959 92959->92956 92980 d87ca3 92982 d87cc7 92980->92982 92981 d87cce 92982->92981 92983 d87d1a 92982->92983 92984 d87d03 LdrLoadDll 92982->92984 92984->92983 92985 d71beb 92986 d71bf9 92985->92986 92989 da0173 92986->92989 92992 d9e7b3 92989->92992 92993 d9e7d9 92992->92993 93002 d77583 92993->93002 92995 d9e7ef 93001 d71d8c 92995->93001 93005 d8b5d3 92995->93005 92997 d9e80e 92998 d9e823 92997->92998 92999 d9cf03 ExitProcess 92997->92999 93016 d9cf03 92998->93016 92999->92998 93019 d86953 93002->93019 93004 d77590 93004->92995 93006 d8b5ff 93005->93006 93037 d8b4c3 93006->93037 93009 d8b62c 93012 d9cb43 NtClose 93009->93012 93013 d8b637 93009->93013 93010 d8b644 93011 d8b660 93010->93011 93014 d9cb43 NtClose 93010->93014 93011->92997 93012->93013 93013->92997 93015 d8b656 93014->93015 93015->92997 93017 d9cf1d 93016->93017 93018 d9cf2a ExitProcess 93017->93018 93018->93001 93020 d86970 93019->93020 93022 d86989 93020->93022 93023 d9d583 93020->93023 93022->93004 93025 d9d59d 93023->93025 93024 d9d5cc 93024->93022 93025->93024 93030 d9c193 93025->93030 93028 d9ec03 RtlFreeHeap 93029 d9d645 93028->93029 93029->93022 93031 d9c1b0 93030->93031 93034 ff6d3a 93031->93034 93032 d9c1dc 93032->93028 93035 ff6d4f LdrInitializeThunk 93034->93035 93036 ff6d41 93034->93036 93035->93032 93036->93032 93038 d8b5b9 93037->93038 93039 d8b4dd 93037->93039 93038->93009 93038->93010 93043 d9c233 93039->93043 93042 d9cb43 NtClose 93042->93038 93044 d9c250 93043->93044 93047 ff7740 LdrInitializeThunk 93044->93047 93045 d8b5ad 93045->93042 93047->93045 92960 ff6c90 LdrInitializeThunk

                Executed Functions

                Function 00D71B91 Relevance: 2.9, Strings: 2, Instructions: 382COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 9 d71b91-d71b93 10 d71b95 9->10 11 d71c02-d71c31 9->11 12 d71b97-d71b9f 10->12 13 d71bf9-d71c00 10->13 14 d71c33-d71c4b 11->14 20 d71b31 12->20 21 d71ba1-d71ba2 12->21 13->11 15 d71c32 13->15 16 d71c4e-d71c54 14->16 17 d71c4d 14->17 15->14 16->14 19 d71c56-d71c5b 16->19 17->16 22 d71c60-d71c73 19->22 25 d71b33-d71b36 20->25 26 d71b1c 20->26 23 d71ba4 21->23 24 d71bcc-d71bd9 21->24 22->22 27 d71c75-d71c7d 22->27 28 d71b37-d71b45 23->28 29 d71ba6-d71ba7 23->29 47 d71b6b-d71b7c 24->47 48 d71bdb-d71be4 24->48 25->28 30 d71aae-d71ac1 26->30 31 d71b1e-d71b1f 26->31 32 d71c84 27->32 33 d71c7f-d71c83 27->33 41 d71b49 28->41 36 d71b56 29->36 37 d71ba9-d71bb3 29->37 39 d71ac5 30->39 40 d71b21-d71b30 31->40 31->41 34 d71c86 32->34 35 d71c89-d71c8f 32->35 33->32 34->35 35->27 42 d71c91-d71ca8 call d71170 35->42 44 d71b05-d71b07 36->44 45 d71b58-d71b69 36->45 46 d71bb6-d71bcb 37->46 49 d71a87-d71a94 39->49 50 d71ac6-d71ae3 39->50 40->20 43 d71b80-d71b83 41->43 68 d71cb0-d71cc3 42->68 53 d71b84-d71b89 43->53 44->53 54 d71b09-d71b0d 44->54 45->47 46->24 47->43 48->13 56 d71a77-d71a80 49->56 50->39 59 d71ae5-d71aea 50->59 63 d71b1b 53->63 64 d71b8b-d71b8c 53->64 54->63 61 d71a82-d71a83 56->61 62 d71a6b-d71a70 56->62 71 d71af4-d71afe 59->71 72 d71aec 59->72 69 d71a84-d71a85 61->69 66 d71aa2-d71aad 62->66 67 d71a72-d71a74 62->67 63->26 64->46 70 d71b8e-d71b90 64->70 66->30 67->56 68->68 73 d71cc5 68->73 69->49 70->9 75 d71af1 71->75 76 d71b00-d71b02 71->76 72->69 74 d71aee-d71af0 72->74 77 d71cc7-d71cdf 73->77 74->75 75->71 76->44 78 d71ce2-d71ce8 77->78 79 d71ce1 77->79 78->77 80 d71cea-d71cef 78->80 79->78 81 d71cf0-d71d03 80->81 81->81 82 d71d05 81->82 83 d71d07-d71d1f 82->83 84 d71d22-d71d28 83->84 85 d71d21 83->85 84->83 86 d71d2a-d71d58 call d71ed0 84->86 85->84 89 d71d60-d71d71 86->89 89->89 90 d71d73-d71d7f call d71000 89->90 92 d71d84-d71d8a call da0173 90->92 93 d71d8c-d71d99 92->93 94 d71da0-d71db1 93->94 94->94 95 d71db3-d71dca 94->95 96 d71dd0-d71dd9 95->96 96->96 97 d71ddb-d71de3 96->97
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: gfff$qi
                • API String ID: 0-3408824469
                • Opcode ID: ef9c79e329e7f0cd7239ae138573222c9514b1c93849ea54341abe59cc75f781
                • Instruction ID: f809d7aabaf591d11c5614f48acb6062f06f627feb0e87ecb7b3b6d9522f0c90
                • Opcode Fuzzy Hash: ef9c79e329e7f0cd7239ae138573222c9514b1c93849ea54341abe59cc75f781
                • Instruction Fuzzy Hash: E9B1D07AA453660FD71AC96C8C936E8BB55EB52324F1C837ED859CF2D3F210891687D0
                Function 00D87CA3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 99 d87ca3-d87cbf 100 d87cc7-d87ccc 99->100 101 d87cc2 call d9f7e3 99->101 102 d87cce-d87cd1 100->102 103 d87cd2-d87ce0 call d9fde3 100->103 101->100 106 d87cf0-d87d01 call d9e283 103->106 107 d87ce2-d87ced call da0083 103->107 112 d87d1a-d87d1d 106->112 113 d87d03-d87d17 LdrLoadDll 106->113 107->106 113->112
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00D87D15
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                • Instruction ID: a37aa3ee36c28ffca91c3c9aca900b0d1351cbf71dac994c378bc1278e53fd6b
                • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                • Instruction Fuzzy Hash: 06010CB5D0020DABDF10EBA4DC42F9DB778EB54304F1441A5A90897241F675EA588BB1
                Function 00D9CB43 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 124 d9cb43-d9cb7f call d74903 call d9dd73 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00D9CB7A
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                • Instruction ID: ab085ccb8330e64cacf563db048609a951d64ea06189b0eacba54a1e18670cbe
                • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                • Instruction Fuzzy Hash: 9DE04676200244BBD620EA59DC02F9BB76CDFC5710F008559FB5CA7242C770BA1187F0
                Function 00FF6C90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 138 ff6c90-ff6c9c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 12b43224c3977c58a3e621e0b3c0bc9bc0ba581269568262395ca7a7ebbfa97c
                • Instruction ID: 748444958c6509feef69c8f1321781881c24496f94134e140fb80f6f5bc64db2
                • Opcode Fuzzy Hash: 12b43224c3977c58a3e621e0b3c0bc9bc0ba581269568262395ca7a7ebbfa97c
                • Instruction Fuzzy Hash: 889002612020000341157158C465626500A97E0305B91C021E1414690DC52988D2A125
                Function 00FF6DA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 139 ff6da0-ff6dac LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 500e38b3c325e4ccac5991ea134b1c7f44111bfd6f96330d14bb4edc5065166e
                • Instruction ID: 12db6c00d1af53c78dc5700700284c78fee7c968316bf24e73f56cd55afd7571
                • Opcode Fuzzy Hash: 500e38b3c325e4ccac5991ea134b1c7f44111bfd6f96330d14bb4edc5065166e
                • Instruction Fuzzy Hash: 4690023120108803D1207158C45575A100597D0305F95C411A4824758DC69988D2B121
                Function 00FF6F20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 140 ff6f20-ff6f2c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 6475b61e663ee2355a3e4385dfdcfa324a93855c0c3316b92b5b0e06fd7807e1
                • Instruction ID: a4eb6ee592153a9ef41af0cc361dd612339467b61c9640cc6490df1402a38501
                • Opcode Fuzzy Hash: 6475b61e663ee2355a3e4385dfdcfa324a93855c0c3316b92b5b0e06fd7807e1
                • Instruction Fuzzy Hash: F690023120100413D1217158C555717100997D0345FD1C412A0824658DD65A8993E121
                Function 00FF7740 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 141 ff7740-ff774c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: c48915eaf0d41b615539c63068493fb0c66ca12b229311ddf37fd831d24fdba0
                • Instruction ID: 46eeee8ea223f7882dc8fdddee3f0bc6b36d2f47b91e6b24f95878e902733f31
                • Opcode Fuzzy Hash: c48915eaf0d41b615539c63068493fb0c66ca12b229311ddf37fd831d24fdba0
                • Instruction Fuzzy Hash: D990023120110403D1507158C45571A200997D1305FD1C415A0825669DCB598896E362
                Function 00D9CEB3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 119 d9ceb3-d9cef4 call d74903 call d9dd73 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00018623,00000007,00000000,00000004,00000000,00D87514,000000F4), ref: 00D9CEEF
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                • Instruction ID: 30ec2330bee7f87ed19ff6734ab6ccefe705681fbcedc1b813a157c32342c775
                • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                • Instruction Fuzzy Hash: 0EE06DB1604204BBD710EE98EC41F9B37ACEFC8710F004008FA18A7242D771B9118BB4
                Function 00D9CE63 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 114 d9ce63-d9cea7 call d74903 call d9dd73 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,00D8EA4E,?,?,00000000,?,00D8EA4E,?,?,?), ref: 00D9CEA2
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                • Instruction ID: 78effb4027d5350c13d962effb31aab01eab200f4d7177cbe7532ba32fdf25a4
                • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                • Instruction Fuzzy Hash: 64E06DB6214344BBD614EE98DC42EAB77ACEF88710F004049FA08A7242D770B9118AB4
                Function 00D9CF03 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 129 d9cf03-d9cf38 call d74903 call d9dd73 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108530832.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                • Associated: 00000001.00000002.12108509990.0000000000D70000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.12108562933.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_d70000_PO_62401394_MITech_20250601.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                • Instruction ID: f22ed630341905c82365912b29d06bc3c4694d5db6e98023d66652b217507463
                • Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                • Instruction Fuzzy Hash: 65E08C762006147BC720EA99DC01F9B77ADDFC5710F108099FA08A7286D7B0BA118BF4
                Function 00FF6D3A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 134 ff6d3a-ff6d3f 135 ff6d4f-ff6d56 LdrInitializeThunk 134->135 136 ff6d41-ff6d48 134->136
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 07623cedd0950d03a4ff36a469613eea68e67ea897320b9cc021e4bc0698330f
                • Instruction ID: 21c7b04c9e99f3116baa185e6cec409314616afe66ef6aaa2dd30435d4c2f473
                • Opcode Fuzzy Hash: 07623cedd0950d03a4ff36a469613eea68e67ea897320b9cc021e4bc0698330f
                • Instruction Fuzzy Hash: 90B09B71D014C5C6D611E770865972B79007BD0715F55C051D2434742EC73CC4D1F175

                Non-executed Functions

                Function 0100FA89 Relevance: 35.2, Strings: 28, Instructions: 175COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$audiodg.exe$containersettingsworker.exe$csrss.exe$dwm.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$msmpeng.exe$nissrv.exe$rdpclip.exe$rdpinit.exe$rdpshell.exe$runtimebroker.exe$searchindexer.exe$securityhealthservice.exe$services.exe$settingsynchost.exe$sihost.exe$smartscreen.exe$smss.exe$svchost.exe$systemsettingsbroker.exe$telemetryhost.exe$vmcomputeagent.exe$wininit.exe$winlogon.exe
                • API String ID: 0-3783504463
                • Opcode ID: baeb12d2b3790dd7c238e7aa7f12e56b54f6b73a723349fcb628c4b290c11ea0
                • Instruction ID: 1c9c8b0669af2a2718063a7f3902160c40d7f653fb0aca17646644b5bea23e2e
                • Opcode Fuzzy Hash: baeb12d2b3790dd7c238e7aa7f12e56b54f6b73a723349fcb628c4b290c11ea0
                • Instruction Fuzzy Hash: B661D3709042299BEB369F14CD85BFAB7F5BB44308F1441D9D949A7282D7B08E84EF50
                Function 01076A13 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                • API String ID: 0-2897834094
                • Opcode ID: 088703ca78439ce26d3d481183035103563d4371c60b4428b2dd7949135998fd
                • Instruction ID: cc40c616fe420dfa5ae3c6e367f352689278eb63695f19d3e797014cbdea897d
                • Opcode Fuzzy Hash: 088703ca78439ce26d3d481183035103563d4371c60b4428b2dd7949135998fd
                • Instruction Fuzzy Hash: 0E61A672E21D50EFE395AB89D987D2573B4E706B30709807AF5464B243C72EDC81EB1A
                Function 010675CE Relevance: 10.4, Strings: 8, Instructions: 400COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                • API String ID: 0-1357697941
                • Opcode ID: 6ad0ce87cace47f9c9964647ec4a56cb7273924c896b2ca757c47af84bf9e840
                • Instruction ID: 1a55654eaca7a88aeb1f10d8e75c0b496f284f38d7bb4bba3712d13335e4313b
                • Opcode Fuzzy Hash: 6ad0ce87cace47f9c9964647ec4a56cb7273924c896b2ca757c47af84bf9e840
                • Instruction Fuzzy Hash: C0E12031A10642EFDB65CF68C441BFABBF8FF09718F088499E5C587282D738A945DB61
                Function 01066B25 Relevance: 10.4, Strings: 8, Instructions: 373COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 78518308d42601aae425a516ca58030e3bd2508f5ef28f092641b0d3bca5d42b
                • Instruction ID: 9a481f7f18c879a635406b384b16aa2b9951f916a9b7a2fe316f5639683b5c97
                • Opcode Fuzzy Hash: 78518308d42601aae425a516ca58030e3bd2508f5ef28f092641b0d3bca5d42b
                • Instruction Fuzzy Hash: 73E10270A00A44DFCB55EFA8C851AADFFF6FF89714F088059E4859B652C73AE942CB11
                Function 00FAB757 Relevance: 10.3, Strings: 8, Instructions: 312COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                • API String ID: 0-3175702304
                • Opcode ID: e54418c01d8b0f4f8e77a064da958bded38fee1de0dfc40f58d28587b1b21c69
                • Instruction ID: 73498dbbd505f13ae7b857784a78540537fcada112a6e499fabc4c8b1de1881a
                • Opcode Fuzzy Hash: e54418c01d8b0f4f8e77a064da958bded38fee1de0dfc40f58d28587b1b21c69
                • Instruction Fuzzy Hash: CBB1A1B29083559FC721DF18C840B6FBBE8AF89714F01492EF985D7252D738DD04AB92
                Function 0106621E Relevance: 10.2, Strings: 8, Instructions: 189COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                • API String ID: 0-2224505338
                • Opcode ID: ffe6178ebd34bea3234d1d0b8ade48b9e47de022b3a3d966a9dc584d3b13c441
                • Instruction ID: 46f1873ec3c8a7697be02fe85bd08508f3b3e0c256ba1930249b1f55e614d621
                • Opcode Fuzzy Hash: ffe6178ebd34bea3234d1d0b8ade48b9e47de022b3a3d966a9dc584d3b13c441
                • Instruction Fuzzy Hash: 88515A32251A50EFC751EB98C896E69B7FDEF05F24F098065F9459B242C73AD840DB22
                Function 00FD3980 Relevance: 9.8, Strings: 7, Instructions: 1053COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $$'LDR: %s(), invalid image format of MUI file $.mui$.mun$LdrpLoadResourceFromAlternativeModule$SystemResources\${
                • API String ID: 0-988474343
                • Opcode ID: 4890bf24c751cc525569566f3223e100280546ddc8bc758830430fb148042108
                • Instruction ID: 9fe254865622c07daaa2a682e6201ef287b6431aaf5d6ac0c46899194565294d
                • Opcode Fuzzy Hash: 4890bf24c751cc525569566f3223e100280546ddc8bc758830430fb148042108
                • Instruction Fuzzy Hash: 4CA28172A043598FDB21CF14CC40BAAB7B6BF46314F0845EAE949A7750D735AE84EF42
                Function 010051B0 Relevance: 9.4, APIs: 2, Strings: 3, Instructions: 649COMMONLIBRARYCODE
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $(null)$(null)
                • API String ID: 0-3688460643
                • Opcode ID: 95edc60fca2d7394312ee93faa98dddb4440b642d9278d7d965f1cf9d3aa8ef5
                • Instruction ID: e1f0b08e2cbe27dd9c05648b1f8355255e10bc7898111f15e57819bbe75abd28
                • Opcode Fuzzy Hash: 95edc60fca2d7394312ee93faa98dddb4440b642d9278d7d965f1cf9d3aa8ef5
                • Instruction Fuzzy Hash: 1232AF71D412298EFB668A2CCC887E9BBF5AB19314F1841E9D58DA72D1D7748F81CF40
                Function 00FC8D60 Relevance: 9.3, Strings: 7, Instructions: 525COMMON
                Download Yara Rule
                Strings
                • Status != STATUS_NOT_FOUND, xrefs: 01024C07
                • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 01024A32
                • minkernel\ntdll\sxsisol.cpp, xrefs: 01024A57, 01024C11
                • @, xrefs: 00FC8D97
                • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 01024A4D
                • sxsisol_SearchActCtxForDllName, xrefs: 01024A21
                • Internal error check failed, xrefs: 01024A5C, 01024C16
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                • API String ID: 0-761764676
                • Opcode ID: 8117c170f4fbbe5db18cdef5a6c477ccd7a190a8c3c8e4c0d7848f830c307caa
                • Instruction ID: f5b27498929890688552fcda1c17d71e01b0e8d3107fc7d4c8e01d6a6123f197
                • Opcode Fuzzy Hash: 8117c170f4fbbe5db18cdef5a6c477ccd7a190a8c3c8e4c0d7848f830c307caa
                • Instruction Fuzzy Hash: B2229E71E002298BDB24CF98C982BAEBBF5FF48714F158069E845EB341D775AC41EB91
                Function 0103E9C5 Relevance: 9.0, Strings: 7, Instructions: 256COMMON
                Download Yara Rule
                Strings
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 0103EA47
                • VerifierDebug, xrefs: 0103EC9C
                • AVRF: -*- final list of providers -*- , xrefs: 0103EB90
                • HandleTraces, xrefs: 0103EC86
                • VerifierDlls, xrefs: 0103ECB4
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 0103EA71
                • VerifierFlags, xrefs: 0103EC49
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: 4cbb286c5bf2b95bfc6d69a41a93bdf4a46024e2bb8031dfd1ebeac86fadac35
                • Instruction ID: e2a4f17325e52ded88a5258eaa5676a419c6b47a0c5d82585aeabe1e3decf6ea
                • Opcode Fuzzy Hash: 4cbb286c5bf2b95bfc6d69a41a93bdf4a46024e2bb8031dfd1ebeac86fadac35
                • Instruction Fuzzy Hash: 81910A71A40715AFDB21EF98CC81F9F7BACAB84714F454254FAC16B281C735AD02C7A5
                Function 00FD5120 Relevance: 8.1, Strings: 6, Instructions: 557COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                • API String ID: 0-4098886588
                • Opcode ID: d059c4e00dcade5324da63531fcfcde7965eca48e2166a87a17ab56d80432b19
                • Instruction ID: 654e339a1b51e43c5934975e6f0d8a784a8747d6ddfe9ad89ae767aae483cb11
                • Opcode Fuzzy Hash: d059c4e00dcade5324da63531fcfcde7965eca48e2166a87a17ab56d80432b19
                • Instruction Fuzzy Hash: 1932B071E40A698BDB21CF14C894BEEB7B6AF45750F1840EBE849A7390D7749E81EF40
                Function 00FCA2C0 Relevance: 7.9, Strings: 6, Instructions: 439COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                • API String ID: 0-122214566
                • Opcode ID: 1231d0259eb4981966fe4608e1bd328871856efae3ef9025f0b78ca1dd2e7d30
                • Instruction ID: a56af1df25787510b894d7054a8b22ab04500b2858da27464ba26ccda674d863
                • Opcode Fuzzy Hash: 1231d0259eb4981966fe4608e1bd328871856efae3ef9025f0b78ca1dd2e7d30
                • Instruction Fuzzy Hash: E1F1F331E0065A9BDB25DB28CA96FBE77B4BF40718F18406DE8019B2D1E775EC41E392
                Function 00FA4A12 Relevance: 7.6, Strings: 6, Instructions: 125COMMON
                Download Yara Rule
                Strings
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00FA4A7F
                • LdrpInitShimEngine, xrefs: 00FA4A86, 00FA4AF0, 00FA4B37
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00FA4B31
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00FA4AEA
                • apphelp.dll, xrefs: 00FA4A4C
                • minkernel\ntdll\ldrinit.c, xrefs: 00FA4A90
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: 452d801430e24a1458178c20fc40c54f565b67cb46b7ec6ab55df3a1789315e6
                • Instruction ID: 132d1a5613944c1826a841460287d07faed3c0867849df3cee1d6803d442f7e1
                • Opcode Fuzzy Hash: 452d801430e24a1458178c20fc40c54f565b67cb46b7ec6ab55df3a1789315e6
                • Instruction Fuzzy Hash: B2418471A00728ABDB22EB20CC86FEA77BCAB85744F1041D9A419E7191DA75AF84DF50
                Function 00FE699D Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • RtlGetAssemblyStorageRoot, xrefs: 0102AEEB, 0102AF25, 0102AF45
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 0102AF0B
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 0102AF03
                • SXS: %s() passed the empty activation context, xrefs: 0102AEF0
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0102AF2A
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 0102AF4A
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: 20cde5776e5e0456d38b16bf0a4ce53299d289bffea4545a5e61dfcfcef2ad76
                • Instruction ID: fd312a1712f2df9cb8742163b2167696306bcaa2706d7aa8f282563b98594944
                • Opcode Fuzzy Hash: 20cde5776e5e0456d38b16bf0a4ce53299d289bffea4545a5e61dfcfcef2ad76
                • Instruction Fuzzy Hash: 77312872F00369B7EB209A868C85FAA7768EF61F94F058064F645F7181D674DE0097D1
                Function 00FCD800 Relevance: 7.3, Strings: 4, Instructions: 2341COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: #$HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-1481774953
                • Opcode ID: be02809edab235ca3359f7adcf3c7bead4510b568d340c202c43a4b833656047
                • Instruction ID: 442b91b84584deb6fa1b78363e93b181f01642806147b0be38f4a6cf9bd45a85
                • Opcode Fuzzy Hash: be02809edab235ca3359f7adcf3c7bead4510b568d340c202c43a4b833656047
                • Instruction Fuzzy Hash: 5E237C70E006569FDB28CF68C581BADBBF1BF49314F1481ADE849AB381D735AC45EB90
                Function 00FB5700 Relevance: 7.0, Strings: 5, Instructions: 772COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $!$%$%%%u$%%%u!%s!
                • API String ID: 0-2644866104
                • Opcode ID: 9fb561f8e9d30fe7e4d0c7274812afab3a8196cf3b02457a24a533b3e9827918
                • Instruction ID: c64cc153ea2801f2eebbe2cc483eee7d86765fa19457d9aebd68bab4553110d2
                • Opcode Fuzzy Hash: 9fb561f8e9d30fe7e4d0c7274812afab3a8196cf3b02457a24a533b3e9827918
                • Instruction Fuzzy Hash: EA62A2B1E002258FDB75CF18C8817ADB7F6BF84720F5441DAE989AB284D77A5A91CF40
                Function 00FB18CB Relevance: 6.9, Strings: 5, Instructions: 660COMMON
                Download Yara Rule
                Strings
                • Kernel-MUI-Language-Allowed, xrefs: 00FB19FF
                • Kernel-MUI-Language-SKU, xrefs: 00FB1C65
                • Kernel-MUI-Language-Disallowed, xrefs: 00FB1B34
                • WindowsExcludedProcs, xrefs: 00FB1902
                • Kernel-MUI-Number-Allowed, xrefs: 00FB1979
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                • API String ID: 0-258546922
                • Opcode ID: f4ed61790e1b48a287bdc1f4793371c24c26cb32c8df5212328f14fce875ff1a
                • Instruction ID: 8e543981a67bbe7b2e600a5ae8a3776e5ba5bf7068665d19a3c3f098495c32b3
                • Opcode Fuzzy Hash: f4ed61790e1b48a287bdc1f4793371c24c26cb32c8df5212328f14fce875ff1a
                • Instruction Fuzzy Hash: D8226B72D40219ABDB11DF95CE91EEEBBBDBF08750F540069E601E7251D638DE01EBA0
                Function 00FC8810 Relevance: 6.7, Strings: 5, Instructions: 454COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                • API String ID: 0-3393094623
                • Opcode ID: cfce43ab055e15580727f9af23c55b23c647e895d0a998ea118bf71b9fc9e0da
                • Instruction ID: 787c6bccd7b56262296a50c58b420a70e012599e0b274bff80451c8c2d692988
                • Opcode Fuzzy Hash: cfce43ab055e15580727f9af23c55b23c647e895d0a998ea118bf71b9fc9e0da
                • Instruction Fuzzy Hash: 4C027C719083529FC720CF14C281B6BBBE4BF88794F14892EE999D7350DB74D846EB92
                Function 0103AEF0 Relevance: 6.5, Strings: 5, Instructions: 249COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                • API String ID: 0-2518169356
                • Opcode ID: aa5534bf46ca179e3a5eebd22e0c96d9ec46b4db5bde548a574c3faa07b1a04f
                • Instruction ID: dd941748744d6baa0c9690e1d1b889b0ad3b06e0e4c84ad86bfc945a1a1a7ea1
                • Opcode Fuzzy Hash: aa5534bf46ca179e3a5eebd22e0c96d9ec46b4db5bde548a574c3faa07b1a04f
                • Instruction Fuzzy Hash: 8491A072D00619CFCB21CFACC881AAEB7F5EF88314F1941AAE995E7391D3759941CB90
                Function 00FC4730 Relevance: 6.3, Strings: 5, Instructions: 83COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                • API String ID: 0-1222099010
                • Opcode ID: d52494dca0f347b878b3a51952c9a5bef8dc9203217f700626861eec8a4f9af2
                • Instruction ID: 58c49c77d0628a2c164314a4b94ef79ea0a3c35f69620852f6ccf3d710e7df05
                • Opcode Fuzzy Hash: d52494dca0f347b878b3a51952c9a5bef8dc9203217f700626861eec8a4f9af2
                • Instruction Fuzzy Hash: 7A312431914A81DFD722D758C92BFA577A4EF02B20F08405CE852176D1C7ACF845E722
                Function 00FA607D Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlSizeHeap
                • API String ID: 0-360004557
                • Opcode ID: 675d793345c2bf476e2d7f2e0562503a867789014407424c118edc41ebbeb2e3
                • Instruction ID: 32be466b7042c3103c9e9e91ae4da2a3b214c4e05135461174cc94c52a9ca575
                • Opcode Fuzzy Hash: 675d793345c2bf476e2d7f2e0562503a867789014407424c118edc41ebbeb2e3
                • Instruction Fuzzy Hash: 7F012832129A50AFD356A358EC4BFA677E4EB42B30F1C4059F40547582CBACD445E332
                Function 010464B0 Relevance: 5.6, Strings: 4, Instructions: 554COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: "!""$""""$MitigationAuditOptions$MitigationOptions
                • API String ID: 0-3174032045
                • Opcode ID: f9a90736b45680c4fcaf1ee515a216c91e53d5ab4d54f978768167240106776b
                • Instruction ID: aa4d5ce5380507c37b584d84d5ead918cbf76e51721c9e22753475d8037a937e
                • Opcode Fuzzy Hash: f9a90736b45680c4fcaf1ee515a216c91e53d5ab4d54f978768167240106776b
                • Instruction Fuzzy Hash: F0125EF26047019FE764CF2DC5D162AFBE1BB89310F148A3EE6D687650E772E9448B41
                Function 00FDD6B8 Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-2084224854
                • Opcode ID: 7773e49f5f6ad9e8e146f98ac2f35a16116ef6dd5e19a1c43a8b6f7881a1ed89
                • Instruction ID: d544b0b6c3c686a5e7cbf94fdf9681c568244f50b0a28c49b01416d81f00fb3b
                • Opcode Fuzzy Hash: 7773e49f5f6ad9e8e146f98ac2f35a16116ef6dd5e19a1c43a8b6f7881a1ed89
                • Instruction Fuzzy Hash: 7FE10435A046559BCB29CF28C451BBABBF2BF48310F18C49EE8D68B346D734E945EB50
                Function 00FD7730 Relevance: 5.3, Strings: 4, Instructions: 270COMMON
                Download Yara Rule
                Strings
                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01026E97
                • HEAP[%wZ]: , xrefs: 01026DB7, 01026E7B
                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 01026DD3
                • HEAP: , xrefs: 01026DC6, 01026E8A
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                • API String ID: 0-1657114761
                • Opcode ID: ecf1a2862a43f9430f8bfbe71528f3c1f02cf0fcc1b1c5e73c19b699acdc0bd1
                • Instruction ID: e344a404b24dd7ded0a8d2312cbf47a145e0f185e24119d50cfe3ed095794d11
                • Opcode Fuzzy Hash: ecf1a2862a43f9430f8bfbe71528f3c1f02cf0fcc1b1c5e73c19b699acdc0bd1
                • Instruction Fuzzy Hash: 3EA11671E04745CBDB14EF24C481BBAF7F2AF14310F28856AD4968B741E334A945EB91
                Function 00FE6A6B Relevance: 5.2, Strings: 4, Instructions: 247COMMON
                Download Yara Rule
                Strings
                • .Local, xrefs: 00FE6BFF
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 0102AF64, 0102B03C
                • SXS: %s() passed the empty activation context, xrefs: 0102AF69
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 0102B041
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: 20b8d6f2839e4ed9a60bb6bf3ad911fc428b71e70548c4a114157abb37c05d3a
                • Instruction ID: 2037101818f6b2a0990d1ffd84dc7d8b22d0ca4653d7220af12632c52ded3ef6
                • Opcode Fuzzy Hash: 20b8d6f2839e4ed9a60bb6bf3ad911fc428b71e70548c4a114157abb37c05d3a
                • Instruction Fuzzy Hash: BEA1CE71A0022DDBDB24DF59CC88BA9B3B1EF68354F2401EAE949E7251D7349E81DF90
                Function 00FDE74C Relevance: 5.2, Strings: 4, Instructions: 186COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: LDR:MRDATA: Process initialization failed with status 0x%08lx$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1943796572
                • Opcode ID: fe5509eb75fd0a26d892d733b0b953977ead43f54133e11ab7ec27d7c1b03959
                • Instruction ID: 2552e5c00920abf4382fe4f027c8a720c6357b8404a563c75288cd52a78b97c0
                • Opcode Fuzzy Hash: fe5509eb75fd0a26d892d733b0b953977ead43f54133e11ab7ec27d7c1b03959
                • Instruction Fuzzy Hash: 04614531E013029BEB25FF50C891BEE77A2AF40720F58416AE5856F3C1CB795C01EB92
                Function 01038544 Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                • API String ID: 0-1880532218
                • Opcode ID: fbf030e8b6e5c1d683637776202aff3fd138d0fe6846458742bacb03119042eb
                • Instruction ID: ce00ffa6c3b7d71b135f3a27764d4a12f62e164b3d2eef74201d86f9c3c5c4cc
                • Opcode Fuzzy Hash: fbf030e8b6e5c1d683637776202aff3fd138d0fe6846458742bacb03119042eb
                • Instruction Fuzzy Hash: 7D213B35A40604ABDB11CF189C41BA9B7F9AFC4708F0981AAF944A7382E735EA05D755
                Function 0106656E Relevance: 5.1, Strings: 4, Instructions: 54COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                • API String ID: 0-4256168463
                • Opcode ID: aff50388fe96f99386c8854bbef4e5da850924ec39d4d5402f21961a4f0a6df5
                • Instruction ID: e431dd08237b4f1db1fe0faebb3a5b0bbfc1f8acfaf7e6d45cc4ab6cf98136b7
                • Opcode Fuzzy Hash: aff50388fe96f99386c8854bbef4e5da850924ec39d4d5402f21961a4f0a6df5
                • Instruction Fuzzy Hash: 6C01F9721507109FCB51EB78C842FD977FCEB42B50F084099F48197286DB79E949D691
                Function 00FD3753 Relevance: 4.3, Strings: 3, Instructions: 562COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: 73bb7dbdb3067ce8710bf33a9a311feb7234066cddc82c1b7200ecd972b897c7
                • Instruction ID: bd25f857c9b1b15ea67873df3fd89b0ba9efcbead09246232e7e478f13b30542
                • Opcode Fuzzy Hash: 73bb7dbdb3067ce8710bf33a9a311feb7234066cddc82c1b7200ecd972b897c7
                • Instruction Fuzzy Hash: AB226670A00651EFDB15DF28C885BBABBF6EF05704F18C09AE5858B382E734D986CB55
                Function 00FDB510 Relevance: 4.3, Strings: 3, Instructions: 520COMMON
                Download Yara Rule
                Strings
                • HEAP[%wZ]: , xrefs: 01028368
                • HEAP: , xrefs: 01028375
                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 0102838A
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: 016105a1d36449457a5b29cf88693be55fda9f245d32780565d121dd7bd44741
                • Instruction ID: fa3a20b09704ad985a813e99539085f7886ed10779ebd1239afa9f18c9c28406
                • Opcode Fuzzy Hash: 016105a1d36449457a5b29cf88693be55fda9f245d32780565d121dd7bd44741
                • Instruction Fuzzy Hash: A612B134A04662EFDB25CF24C480B76BBE2BF45314F19C59EE4898B385E734E845EB91
                Function 00FD7280 Relevance: 4.1, Strings: 3, Instructions: 395COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: e9064584b4c48bd1ac35ffe11f5f20329705712ff47bb33106e1281580433093
                • Instruction ID: 23e1c9d573481787d1acd64d5533fe501be0dc40dc26273dd3bf6b004ff8e775
                • Opcode Fuzzy Hash: e9064584b4c48bd1ac35ffe11f5f20329705712ff47bb33106e1281580433093
                • Instruction Fuzzy Hash: BFF1D031A04606DFDB16DF28C894B6AB7F6FF45300F2881AAE8469B341E735ED81DB51
                Function 00FACD68 Relevance: 4.0, Strings: 2, Instructions: 1507COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $
                • API String ID: 0-227171996
                • Opcode ID: 265040a2d87c8e2cae3fe53d40d62c9c867ee03c0af6c22f357a70a2ac8e0eb1
                • Instruction ID: 98a333d5b5dc57c469492bf56447c425f79c41ce954aebcb85e7c94c7f747fcb
                • Opcode Fuzzy Hash: 265040a2d87c8e2cae3fe53d40d62c9c867ee03c0af6c22f357a70a2ac8e0eb1
                • Instruction Fuzzy Hash: 12C28FB2A083819FD725CF14C840BABB7E5BF8A754F04892DF98AC7651D774D804EB52
                Function 00FDA960 Relevance: 4.0, Strings: 3, Instructions: 254COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-3610490719
                • Opcode ID: 2aed8bb4845075a8aa32fa013ecfed2246e9023415a2927db8e523c6b2b74588
                • Instruction ID: 1b1472b49dcfb16829be695902bc741227f9de09cc48a5e9913b06baa191f5a8
                • Opcode Fuzzy Hash: 2aed8bb4845075a8aa32fa013ecfed2246e9023415a2927db8e523c6b2b74588
                • Instruction Fuzzy Hash: 6B91F671B006419BD726DB24C985B6AB7A7BF80720F0C055AF9418B381DB38EC45EB9B
                Function 00FDE463 Relevance: 3.9, Strings: 3, Instructions: 170COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                • API String ID: 0-2283098728
                • Opcode ID: b1a67765e745a022fc63808e18c448f8360c3afe1d6df64bcdda774aaa190b2b
                • Instruction ID: 6cc8ba0e777a02769619ef6f7b0c87e65c0b15d91efb0d7d8ebafb1d75479a98
                • Opcode Fuzzy Hash: b1a67765e745a022fc63808e18c448f8360c3afe1d6df64bcdda774aaa190b2b
                • Instruction Fuzzy Hash: 4D51D3317407029BC724FF28D986B6A73A2BB85764F5C062EE4958F391EB74EC04E791
                Function 010640D5 Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                Download Yara Rule
                Strings
                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 01064263
                • HEAP[%wZ]: , xrefs: 01064243
                • HEAP: , xrefs: 01064250
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                • API String ID: 0-3815128232
                • Opcode ID: 00bc91b0b0cb77d2c6ec2e7d4552539080e43ffd3f89dda37c2528760e174b16
                • Instruction ID: a7af5676585b570af890aff5473014dfc86ac43cdb54584fdb72c9d8c8ea8e46
                • Opcode Fuzzy Hash: 00bc91b0b0cb77d2c6ec2e7d4552539080e43ffd3f89dda37c2528760e174b16
                • Instruction Fuzzy Hash: CE513674300250CEE3A4CF2DC8447B27BEAAF65744F55488AE9D2CF281D63AD847DB21
                Function 00FB4745 Relevance: 3.9, Strings: 3, Instructions: 164COMMON
                Download Yara Rule
                Strings
                • @, xrefs: 00FB47E0
                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00FB47B1
                • InstallLanguageFallback, xrefs: 00FB47FC
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                • API String ID: 0-1757540487
                • Opcode ID: e5bce9c1551fc102003be43426d4b3ccb1697e6f611fa6e3dfeba62e213bd7fe
                • Instruction ID: f2c04a660cf7e8e5531d7355ebe478fa0f0895e95a6d11cdacacaeecf7865d58
                • Opcode Fuzzy Hash: e5bce9c1551fc102003be43426d4b3ccb1697e6f611fa6e3dfeba62e213bd7fe
                • Instruction Fuzzy Hash: 9151B2765083469BC720DF68C844BABB3E8BF88754F04096EFA85E7251F738D904DB62
                Function 00FDA3C0 Relevance: 3.9, Strings: 3, Instructions: 156COMMON
                Download Yara Rule
                Strings
                • HEAP[%wZ]: , xrefs: 01027A35
                • HEAP: , xrefs: 01027A42
                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 01027A4D
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                • API String ID: 0-1596344177
                • Opcode ID: 29a3fc8e87cf60de06bd8918a55bd288caf64a0e116fe1029782e75787ecdbf5
                • Instruction ID: 2f0169807357c93e8d169f3cd5a84b264daed001f011e27cd6fd08702ad4062e
                • Opcode Fuzzy Hash: 29a3fc8e87cf60de06bd8918a55bd288caf64a0e116fe1029782e75787ecdbf5
                • Instruction Fuzzy Hash: EF51E371A00111DFCB15CF68C484AAAFBF2FF45320F29819AE455AB342D775ED42DB92
                Function 00FA609F Relevance: 3.9, Strings: 3, Instructions: 128COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                • API String ID: 0-1151232445
                • Opcode ID: a706393f5906fa83a11493cf84bf6c5b589904d12ad2f0c8e29fef28f1924ae6
                • Instruction ID: d48402233b5086617d66a680e01ca5cea45fcda658d40036dc5cd59c9e0907af
                • Opcode Fuzzy Hash: a706393f5906fa83a11493cf84bf6c5b589904d12ad2f0c8e29fef28f1924ae6
                • Instruction Fuzzy Hash: 2A410E715046804BEF37CE5CC8C4BAA7BD1FB02B28F1C40A9D9C68B14BC769D855D761
                Function 0103A6D8 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 0103A80E
                • minkernel\ntdll\ldrredirect.c, xrefs: 0103A81F
                • LdrpCheckRedirection, xrefs: 0103A815
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: 916bdc26feed27ec5941af88d6037f1a60d5f2b8889cdff295c0f0a3c9569f5b
                • Instruction ID: 159d653c4a91075d32240b60bface06a569d24cc04f550a2c03fcb82c68e15cf
                • Opcode Fuzzy Hash: 916bdc26feed27ec5941af88d6037f1a60d5f2b8889cdff295c0f0a3c9569f5b
                • Instruction Fuzzy Hash: 36418F3A704712DBCB62DF18CC8096A77F9BFC8750B0505A9EDCAD7651E731D8009B91
                Function 0104A5C4 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: baf3e9ee1ff7a0bad4faa0cc10817a499fcf285c2e7016890274ecc0b5011df4
                • Instruction ID: c4595f139053723feb22e41ed9617b326450e50c9f1c81854f3f1fdcfaab7e1c
                • Opcode Fuzzy Hash: baf3e9ee1ff7a0bad4faa0cc10817a499fcf285c2e7016890274ecc0b5011df4
                • Instruction Fuzzy Hash: E741C4B1A41244CBEB25DB98CD85B9DBBF9EF85340F1404AED982EF392E7749901CB11
                Function 01038BB0 Relevance: 3.8, Strings: 3, Instructions: 34COMMON
                Download Yara Rule
                Strings
                • LdrpInitializationFailure, xrefs: 01038BC3
                • Process initialization failed with status 0x%08lx, xrefs: 01038BBC
                • minkernel\ntdll\ldrinit.c, xrefs: 01038BCD
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: 466d7e1c59c5c3dfa0831782745f89974a0159d253df78ee32ce4cc1b6ada8cd
                • Instruction ID: dfc3e88da871e34a5df4bbcc57aa4da84b1838b123b793f89320cdffb386b645
                • Opcode Fuzzy Hash: 466d7e1c59c5c3dfa0831782745f89974a0159d253df78ee32ce4cc1b6ada8cd
                • Instruction Fuzzy Hash: 51F08271681208BBE620B749CC47FDA3AADDB80B54F400096B540AF2C6D9E0AA40D796
                Function 00FCAE90 Relevance: 3.2, Strings: 2, Instructions: 660COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: :$:
                • API String ID: 0-3780739392
                • Opcode ID: fc03f3c09c398e2d4e5ae6a4c58aa50decdb7ba5aaef53d0c1b46c398d784510
                • Instruction ID: ca1e609cb7e29b2586019a0af20eafdc7b88a14a805c17b9028679e76b009f3a
                • Opcode Fuzzy Hash: fc03f3c09c398e2d4e5ae6a4c58aa50decdb7ba5aaef53d0c1b46c398d784510
                • Instruction Fuzzy Hash: 28428B79D0425ACBCB28CF98C683BADB7B1FF08310F28456EE415AB255E7749C45EB90
                Function 00FD0D50 Relevance: 3.1, Strings: 2, Instructions: 648COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$@
                • API String ID: 0-149943524
                • Opcode ID: bb0d461d72386de770e925f9d13e78813c529876275623dffa4a6555425c48fd
                • Instruction ID: 0d1ebe176d7b32bb790881a79c17dfb0a9a222fd288c186288cf960c4e99399e
                • Opcode Fuzzy Hash: bb0d461d72386de770e925f9d13e78813c529876275623dffa4a6555425c48fd
                • Instruction Fuzzy Hash: 93329E719083619BC7248F18C894B7EB7E6BF89710F18491EF9C687790E735D884EB92
                Function 00FD6500 Relevance: 2.9, Strings: 2, Instructions: 441COMMON
                Download Yara Rule
                Strings
                • LdrResSearchResource Exit, xrefs: 00FD6555
                • LdrResSearchResource Enter, xrefs: 00FD6543
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                • Opcode ID: 528da0f8c0bbb493fa4cb3d2885d87b6bd71d802f9dd553b0daddaf08c724f03
                • Instruction ID: 70271195e9a3622cb7e22abc09a292a32ec460e0e3aa115c853e3e8bfa7bba41
                • Opcode Fuzzy Hash: 528da0f8c0bbb493fa4cb3d2885d87b6bd71d802f9dd553b0daddaf08c724f03
                • Instruction Fuzzy Hash: C4F15072E002199BDF15DF99D990BAEB7BAAF44320F18402BE911EB394DB74DD40EB50
                Function 0105A060 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                Download Yara Rule
                Strings
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages, xrefs: 0105A0F2
                • @, xrefs: 0105A24B
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                • API String ID: 0-154450740
                • Opcode ID: 3ec3821711494c7a4bab1aa9b198b583238ad2fd462d95abfcfc1dd77b7404ed
                • Instruction ID: 260cc3708c232048b289ea5ca2480acaac8a303a7f7a55d62f209d4334af40e0
                • Opcode Fuzzy Hash: 3ec3821711494c7a4bab1aa9b198b583238ad2fd462d95abfcfc1dd77b7404ed
                • Instruction Fuzzy Hash: 2DA19E716083069FD351DF28C881B6BBBE8EF84B84F004A2DFAC497251DB79DD049B92
                Function 0103862D Relevance: 2.8, Strings: 2, Instructions: 276COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$AddD
                • API String ID: 0-2525844869
                • Opcode ID: ad765e5ee325fbcad3bd232990a7efdae6f589cecf414b38ec2a5c011aa0e2f5
                • Instruction ID: 040b16b8dafa37113cc1257e7d5e24048ecf9c0c9c33e9d89090791f513b3d9a
                • Opcode Fuzzy Hash: ad765e5ee325fbcad3bd232990a7efdae6f589cecf414b38ec2a5c011aa0e2f5
                • Instruction Fuzzy Hash: 17A13CB1A00218AFEB15CB94DD45FEEB7BDEF84300F1482AAF650E7250E775A905DB60
                Function 00FEA3A0 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$TargetPath
                • API String ID: 0-4164548946
                • Opcode ID: bab1f3e4468a28419baf78299e8f3944112be86b542e04cf88104d13772435d5
                • Instruction ID: cb55915054cd9c0fff100a2aec93e9e362ef809a8b0065d8d6c7f7fc65779365
                • Opcode Fuzzy Hash: bab1f3e4468a28419baf78299e8f3944112be86b542e04cf88104d13772435d5
                • Instruction Fuzzy Hash: A78112729042568FEB20DF18C984A6FB7E8FF84714F01892DFA8597260D375EC09DB92
                Function 0104C200 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Log$RXACT
                • API String ID: 2994545307-2401810139
                • Opcode ID: 61ab6507cb0c36bec6d7a87155ba3a5c0c9609fb48478b3da6f60b5a3e7ff91d
                • Instruction ID: ccb90583d4ba719eda9395557e8fbd0e4fc211fc1ed19e14325b78fc452a9078
                • Opcode Fuzzy Hash: 61ab6507cb0c36bec6d7a87155ba3a5c0c9609fb48478b3da6f60b5a3e7ff91d
                • Instruction Fuzzy Hash: 1D7158B2209349AFE711DF54CD80E6BBBECFF88744F004929B68497221DB79DD049B92
                Function 00FD6AD0 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                Download Yara Rule
                Strings
                • LdrpResGetMappingSize Enter, xrefs: 00FD6AEA
                • LdrpResGetMappingSize Exit, xrefs: 00FD6AFC
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                • API String ID: 0-1497657909
                • Opcode ID: 9b313b9789e9a62d9a40ab9ed2439097e84215a86b4ecba5e6b8ac92890f37e0
                • Instruction ID: 35a50c5db6915c2dc9fec8494ec9d6e00001d88327f88bc0831c13d02d9202bc
                • Opcode Fuzzy Hash: 9b313b9789e9a62d9a40ab9ed2439097e84215a86b4ecba5e6b8ac92890f37e0
                • Instruction Fuzzy Hash: 2E71BD71E116558FDB25CFA8D850BADB7B2FF48724F18406AE841EB390E7789C40EB60
                Function 0105A8F3 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: 6f62325318078072fbaf6cfe9181ae81a6aacbd8490e7e105c1556badc18bae4
                • Instruction ID: bcfa640293a4c2cd6ab11b956af839e2ead7661f77f8bf9e4f665863d5b74936
                • Opcode Fuzzy Hash: 6f62325318078072fbaf6cfe9181ae81a6aacbd8490e7e105c1556badc18bae4
                • Instruction Fuzzy Hash: 54514871E0021DAEDB51DFA4CD81EEFBBB9FF08754F010229EA41A7290D7359905DBA0
                Function 00FD8155 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 00FD819B
                • RtlpResUltimateFallbackInfo Enter, xrefs: 00FD818D
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: bc463a43b35b190f6f245c7ab45efab4f4b1413577660ec4e8f932f148aad3fb
                • Instruction ID: a3ec1d1420f4b798fc91cb5b856d110bd9b3518bf9c9622ada615180686b3f6b
                • Opcode Fuzzy Hash: bc463a43b35b190f6f245c7ab45efab4f4b1413577660ec4e8f932f148aad3fb
                • Instruction Fuzzy Hash: E2412431A00645DFDB11DFA9C844B6A77F6FF92350F2840AAE940DB392EB34D946DB50
                Function 0100E0D9 Relevance: 2.6, Strings: 2, Instructions: 110COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @$\Device\SrpDevice
                • API String ID: 0-624458963
                • Opcode ID: d4b0a8356e43ec9c38844ac6df09ee41c74f901c92df923af13df60912044503
                • Instruction ID: 2ae403195c5892018740bbeb2dc7e84baad36ab25104da6fb46066ec285fb267
                • Opcode Fuzzy Hash: d4b0a8356e43ec9c38844ac6df09ee41c74f901c92df923af13df60912044503
                • Instruction Fuzzy Hash: 3631ABB2D00119AEEB22DF88CC41AEFBBB8EF44744F004466F944B72A0D7348E04D7A0
                Function 00FEE0FA Relevance: 2.5, Strings: 2, Instructions: 42COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: e02cc65f8631def4f1b1faafcc1843fd2c0b658deffbd68735e1929e1d5f88e2
                • Instruction ID: db384000441158a1b1fa522859c2588c0060753708c7081d956bbc6ffeadea80
                • Opcode Fuzzy Hash: e02cc65f8631def4f1b1faafcc1843fd2c0b658deffbd68735e1929e1d5f88e2
                • Instruction Fuzzy Hash: 8801D6B2A00689EFEB21DF60DD05BA977F4EB00709F0044B5A644DB194E77CDA80DB45
                Function 00FD2960 Relevance: 2.2, Strings: 1, Instructions: 944COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 7b5f77b2d549a1bc206ea717b4783d2c12ddc38f13cf96fcf93c7b0ba9bd4fa8
                • Instruction ID: d7208d0170388800739ece059d36e519dd3b66ecaf64f1268245888ebbcfb525
                • Opcode Fuzzy Hash: 7b5f77b2d549a1bc206ea717b4783d2c12ddc38f13cf96fcf93c7b0ba9bd4fa8
                • Instruction Fuzzy Hash: FC827F75E002199FDB64CF99C880BADB7B2FF18710F18816AE915AB350D7349E81EF91
                Function 01063305 Relevance: 1.9, Strings: 1, Instructions: 638COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: bbfabebb05dde19d610d6a7eccfc0a66a4a1998a805f450864745d3fa615423d
                • Instruction ID: 8ce306c0088ae85ffe706a1a023348af8ea9bc5a6703059ccb3d1491883f8f26
                • Opcode Fuzzy Hash: bbfabebb05dde19d610d6a7eccfc0a66a4a1998a805f450864745d3fa615423d
                • Instruction Fuzzy Hash: 4B72F570D012188FDB94DFAAC4C4AAEB7F2FF88311F75C159D9846B649C3356A16CBA0
                Function 00FBE810 Relevance: 1.8, APIs: 1, Instructions: 253COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1bce3c271abf875d8a40840555ae9e25bacae62127161b8b6ee955632ac663d7
                • Instruction ID: 50db3294fa9c8cbf8bca0298d875363d400406de1f0a881303b833677801f1d3
                • Opcode Fuzzy Hash: 1bce3c271abf875d8a40840555ae9e25bacae62127161b8b6ee955632ac663d7
                • Instruction Fuzzy Hash: E5A16871608742CFC720DF29C480AAABBE9BF88350F244A6EF58597351E734E945DF92
                Function 010189CC Relevance: 1.8, Strings: 1, Instructions: 501COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: <unknown>
                • API String ID: 0-1574992787
                • Opcode ID: 3a72afc6cb1ce6d771a13afa6bfccfa3a9ec7b4686636eb48835547939ae15c7
                • Instruction ID: ea8ff8775d389d2c812654b9252ea59635fbc522e12164c9ca446fb2fec015a1
                • Opcode Fuzzy Hash: 3a72afc6cb1ce6d771a13afa6bfccfa3a9ec7b4686636eb48835547939ae15c7
                • Instruction Fuzzy Hash: A12215B1A083818FD364CF29C580B9AFBE5BFC8304F54892EE5C997355DB74A944CB92
                Function 010792BB Relevance: 1.7, Strings: 1, Instructions: 486COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: f49c29b10d6d3d5acc7594840bd8262e0d84fbe0ce62d67095025a886e27dcb6
                • Instruction ID: b8858b58ae37bed90f76c8f5c3adea7c088522feb23f3cc67577740c10077097
                • Opcode Fuzzy Hash: f49c29b10d6d3d5acc7594840bd8262e0d84fbe0ce62d67095025a886e27dcb6
                • Instruction Fuzzy Hash: 91020574A046518FDBA4CF2DC440779BBF1BF45328B1481DAE9D6CB282D735E842DB68
                Function 00FAF780 Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: 0
                • API String ID: 0-4108050209
                • Opcode ID: dab1a3454f656c7dc982d39c25d1b27ad3f034af2d6b5a0f6ec16aecb171aa3e
                • Instruction ID: a26f1a58732bb55882f2cc0affa8b8290185b16477e7eba17b27688ff55927cb
                • Opcode Fuzzy Hash: dab1a3454f656c7dc982d39c25d1b27ad3f034af2d6b5a0f6ec16aecb171aa3e
                • Instruction Fuzzy Hash: 0F02A1B1A087469FC725CF64C480B6BBBE1AF89764F14487DF8898B251DB38D908EB51
                Function 00FBB513 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: PATH
                • API String ID: 0-1036084923
                • Opcode ID: 2ba6e638df4b3531571a6156d5915fe8165ef2912b6104c5f0eb37c4a6f06c11
                • Instruction ID: 4e7b79d0a47875d43657e2b54532057673e8c40981ac170d56b745ad6b76a2bd
                • Opcode Fuzzy Hash: 2ba6e638df4b3531571a6156d5915fe8165ef2912b6104c5f0eb37c4a6f06c11
                • Instruction Fuzzy Hash: 1DF19D76D002199BCB20DF9AD981BFDBBB1FF88710F244019E581AB254D7B5AD42EF90
                Function 00FAA857 Relevance: 1.7, APIs: 1, Instructions: 173COMMONLIBRARYCODE
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: _vswprintf_s
                • String ID:
                • API String ID: 677850445-0
                • Opcode ID: a3d132d08c444e49883c91dd79d9aec980fad5297a83a859c87942d4f9c14410
                • Instruction ID: 5a7aa53cdcfc802ef17c42ffc377067c6b9dca3eabd20ef86e74ae824b9b4a4f
                • Opcode Fuzzy Hash: a3d132d08c444e49883c91dd79d9aec980fad5297a83a859c87942d4f9c14410
                • Instruction Fuzzy Hash: FE61BE71D003298FEF318F68C8407AEBBF1BF44710F2081A9E899AB286D7754985DF91
                Function 00FBE46C Relevance: 1.7, APIs: 1, Instructions: 164COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FBE4C5
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID:
                • API String ID: 885266447-0
                • Opcode ID: 408b65f3cb1c337c059448561206e2e47dcca672af248bdf268926842fcc5ed3
                • Instruction ID: 0944e223754ad1d0f2c0101a39eeba500c2e52341a70ef12f62c6bc96e44fbcb
                • Opcode Fuzzy Hash: 408b65f3cb1c337c059448561206e2e47dcca672af248bdf268926842fcc5ed3
                • Instruction Fuzzy Hash: 90513271A08341CFC720DF29C580AAABBE9BB98714F28496EF595C7355E770EC449F82
                Function 010683E9 Relevance: 1.6, Strings: 1, Instructions: 376COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: .
                • API String ID: 0-248832578
                • Opcode ID: 4c36c47b6b3670acb84991b56f74bd619a52cd2fa751042c8e3d4aaa2fba9cef
                • Instruction ID: 9c81b57428abf09727672ebed541e999b73598bf7c425734655dfb41aee137c4
                • Opcode Fuzzy Hash: 4c36c47b6b3670acb84991b56f74bd619a52cd2fa751042c8e3d4aaa2fba9cef
                • Instruction Fuzzy Hash: C9E19B75D003688FDF61CFA8C840ABDBBF5FF48700F54809AE985AB295DB349992CB50
                Function 01045160 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: __aullrem
                • String ID:
                • API String ID: 3758378126-0
                • Opcode ID: 3543f7cfa01b00a8c08cca8aef322bfa6a3ffd288e15e722567e9dace042a7c7
                • Instruction ID: facc3634cd6e50482e2d6b493194c12216fb9fc85b4b66078740c6a10221804d
                • Opcode Fuzzy Hash: 3543f7cfa01b00a8c08cca8aef322bfa6a3ffd288e15e722567e9dace042a7c7
                • Instruction Fuzzy Hash: 564191B2F001199BDF18DFACC8815AEF7F2FF49310B14867AE615E7290D634AD008B80
                Function 00FB8990 Relevance: 1.6, Strings: 1, Instructions: 324COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 89126578703be047b7f7ac4e6f3ee1f26ef984a35ad04a86ba49d2de6fb720e4
                • Instruction ID: 7b073477cfde33aa40068dd11f203ed5f7e2c679f1af05f0ee4103b03926f1c1
                • Opcode Fuzzy Hash: 89126578703be047b7f7ac4e6f3ee1f26ef984a35ad04a86ba49d2de6fb720e4
                • Instruction Fuzzy Hash: 6FB12DB1B043286ADF289A26CC41BF93BAC5FC5794F144095EE869B281DF79CD42EF50
                Function 0106AEE0 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 674a02586636d02613fd0efb80999926751181e8427e19676cbce3c67d0b0fae
                • Instruction ID: 7b8af280377c470aac98407a32a8c0c1079a00d66d9047300c4edca2010415a2
                • Opcode Fuzzy Hash: 674a02586636d02613fd0efb80999926751181e8427e19676cbce3c67d0b0fae
                • Instruction Fuzzy Hash: DDA113B1704318AAEB749A698C45BFE7FEC9F85710F0840D4BED5EB281DA75CA44CB60
                Function 0103C3F0 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 014c1a0b20e5f47cca7a2604dea590763e24481abf828e6b026b00482ea3e65b
                • Instruction ID: 8c0c9bddd3c08494cfae4c55d73edd27ab6feb9a9e94dd69af76542dbd4e83c1
                • Opcode Fuzzy Hash: 014c1a0b20e5f47cca7a2604dea590763e24481abf828e6b026b00482ea3e65b
                • Instruction Fuzzy Hash: C2914072A40219ABEB21DF98CD86FAE77B8AF49B10F104065F600FB1D1DB75A900DB54
                Function 01064764 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: ab075a3bcb8e59cccf03f21354e43e4d66fde039f7add16557c302ccfe1246c1
                • Instruction ID: e5d988c63be9e4779fb07fc77097ad0a4d84c63a654d8b9457810d4c62acee8b
                • Opcode Fuzzy Hash: ab075a3bcb8e59cccf03f21354e43e4d66fde039f7add16557c302ccfe1246c1
                • Instruction Fuzzy Hash: 4891BE32941549BADB22AFA4DD41FEFBBBDEF45740F100029F640E7251DB789901EBA0
                Function 00FEE190 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 43f2f985623334f832b879ec50e0a6c03a9857f49970dd48e8be6fb890c67304
                • Instruction ID: cc33d27bdc20a1544f63428c7fe28d355e9ca1c2ef77adf51783f9286a3d705e
                • Opcode Fuzzy Hash: 43f2f985623334f832b879ec50e0a6c03a9857f49970dd48e8be6fb890c67304
                • Instruction Fuzzy Hash: 1A716D71E002599FCF28CF9AE8906EDBBB1BF58710F14412EE846E7294E7349841EB54
                Function 01064500 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                Download Yara Rule
                Strings
                • System Volume Information, xrefs: 0106450E
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: System Volume Information
                • API String ID: 0-764423717
                • Opcode ID: 01cd1f4f6e59c604b77453df9e32cae6d5158240cf5d827fdb8612ff0833f945
                • Instruction ID: 52cfd3d09a97c6bf43160b8aea0b09a0954efe551edee531c7753865feb425b2
                • Opcode Fuzzy Hash: 01cd1f4f6e59c604b77453df9e32cae6d5158240cf5d827fdb8612ff0833f945
                • Instruction Fuzzy Hash: F5618771108345AFD311EF54C881E6BB7EDEF98B50F00092DFA859B2A1E678DD44DBA2
                Function 00FE6405 Relevance: 1.4, Strings: 1, Instructions: 194COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: d6ec2d76f19e8dda845e4743d875802e3b32f4f616965c8af80328db11298894
                • Instruction ID: fd5e9a5794af644435b0532b0d4f013ff538b310edc7d67026313befbfa87c9b
                • Opcode Fuzzy Hash: d6ec2d76f19e8dda845e4743d875802e3b32f4f616965c8af80328db11298894
                • Instruction Fuzzy Hash: 85618E72E0025DEFDF21DF99C844BAEBBB5EF84760F240169E911E7290DB749A01EB50
                Function 00FB86F0 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                Download Yara Rule
                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00FB87F4
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                • API String ID: 0-996340685
                • Opcode ID: a4449ff2f5c7d69b8cd9d21b63292576236f9c35aeb6d94f646a72161c9f73ee
                • Instruction ID: bf053cfd455f48e6f394952e07be1bc1adaeb12539aac2e3272c56a6a406e467
                • Opcode Fuzzy Hash: a4449ff2f5c7d69b8cd9d21b63292576236f9c35aeb6d94f646a72161c9f73ee
                • Instruction Fuzzy Hash: B3718A715087459FCB20DF65C880AE7B7E8EF89790F14492EE9D9C6240EB30E945DF62
                Function 0100C917 Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                Download Yara Rule
                Strings
                • %04x:%04x @ %08d - %S - %S, xrefs: 0100CA94
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: %04x:%04x @ %08d - %S - %S
                • API String ID: 0-3895103025
                • Opcode ID: 7dbbb197489df797d1534efc35aa8e031e1a6a788c1bf1b866fd235f8118acfd
                • Instruction ID: 7c1e492c6c4f7ade5fbf83a5fa662705646c0714385325b33d227b3df35419fc
                • Opcode Fuzzy Hash: 7dbbb197489df797d1534efc35aa8e031e1a6a788c1bf1b866fd235f8118acfd
                • Instruction Fuzzy Hash: E26172B29001189BEB25CB24CD84FDAB7B9EF89700F0441E5E649A7291DA349E85CF58
                Function 00FE82B9 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Flst
                • API String ID: 0-2374792617
                • Opcode ID: 8e9af3ffe6cd00fc20f48a300489b3fae2afdbbfcaff9da87fee79f591bfff40
                • Instruction ID: 3b05e940ee2126e71966eff2b6edf9e66ca799a884f8c7bbd4fc96d9346d84da
                • Opcode Fuzzy Hash: 8e9af3ffe6cd00fc20f48a300489b3fae2afdbbfcaff9da87fee79f591bfff40
                • Instruction Fuzzy Hash: 2841BBB16053418FC714DF19C580A2AFBE0FF89B90F2485AEE599CB251DB71D842DB92
                Function 00FBC909 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: Actx
                • API String ID: 0-89312691
                • Opcode ID: 1c0c62299e93e757ea1dbcf57365cd00dd21002141225d01ad2ce485744a40dc
                • Instruction ID: 997c91e57363a3c443ed8bbea7925ee891146027dfe3d648524e535bd0a76a03
                • Opcode Fuzzy Hash: 1c0c62299e93e757ea1dbcf57365cd00dd21002141225d01ad2ce485744a40dc
                • Instruction Fuzzy Hash: 6611C272B056028BF728492FC4547B77F95EB86370F244226E4A5CB794C671CC00BAC0
                Function 0103E936 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                Download Yara Rule
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0103E96A
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: 614e2ebeaeb20298ee5586d58905e5c253d2500b50d9315f614383908165fea7
                • Instruction ID: cca043da7aa461f3158b0e5f584ba7fb43c03113610bd8eef69eb3ea724bbd81
                • Opcode Fuzzy Hash: 614e2ebeaeb20298ee5586d58905e5c253d2500b50d9315f614383908165fea7
                • Instruction Fuzzy Hash: 9F014E312106069BE6B07F96EC81E5B7BADFFC1750B04026EEAC2075D5CB25B845C7D1
                Function 0100E306 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: TLSHeap
                • API String ID: 0-1904230165
                • Opcode ID: 1f80b0ae219d81af8e475ca3f79ff020d659c6bb7e18c3bc15ef35ef46ac4b01
                • Instruction ID: f111e0c5978d80eec45bafa3b26c78ecdf45aaa96cb84805474c7dcbc0bd1497
                • Opcode Fuzzy Hash: 1f80b0ae219d81af8e475ca3f79ff020d659c6bb7e18c3bc15ef35ef46ac4b01
                • Instruction Fuzzy Hash: E001DB70A05618EBEB32DF69C809B7E7BF4BB04700F41455AA4D1E7281D778E900CB91
                Function 01012B0E Relevance: 1.0, Instructions: 958COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d6538081073dc3499068bba4f610ad7cb5e8686024e58ce7c86017c90fc64c0
                • Instruction ID: 51584dac79c3a536b1eb0fa317df3ba4a84c3421285da6137c5f03a750827466
                • Opcode Fuzzy Hash: 9d6538081073dc3499068bba4f610ad7cb5e8686024e58ce7c86017c90fc64c0
                • Instruction Fuzzy Hash: 37727431B002694BCB658E2CDC916DCBBF1FB89720F1481E9D689DB345CA749D85CF94
                Function 00FF2F85 Relevance: .9, Instructions: 918COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64bdf2c018da5ab0da3e7d8b7c7942640f629a30af587943ed053e12c3a5ae57
                • Instruction ID: 411ada39ee18d8b39de5e35364799d09c6ba3c1910a5481c97474b1ff38751a8
                • Opcode Fuzzy Hash: 64bdf2c018da5ab0da3e7d8b7c7942640f629a30af587943ed053e12c3a5ae57
                • Instruction Fuzzy Hash: 98725176F103188FCF58CFADDC916DDB3F2AB88314B198529E816EB345DA34AC558B84
                Function 00FF93D4 Relevance: .8, Instructions: 785COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf0f01437ec9d30a88c0a7e5fc889601c082d44b96efa6c2140f2b39ff85abd8
                • Instruction ID: 1cd736b5141bd3123bb085f2429a1df584a11448684e6287feaae3aba0a6d6ff
                • Opcode Fuzzy Hash: bf0f01437ec9d30a88c0a7e5fc889601c082d44b96efa6c2140f2b39ff85abd8
                • Instruction Fuzzy Hash: 32628032C0C64E9FCF25CF08D4906BEBB62BE91314B59C55CC99A27624D3B1BA54EBD0
                Function 01015B42 Relevance: .8, Instructions: 772COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ac4659dd292133da0d2752636e21cd65dffbf344a79c868f7978b3dfd3439f9
                • Instruction ID: 46c4eae3f79b36016c68107c058ce84292b999109756350eae8a763a23c138cd
                • Opcode Fuzzy Hash: 4ac4659dd292133da0d2752636e21cd65dffbf344a79c868f7978b3dfd3439f9
                • Instruction Fuzzy Hash: A7529E71E00215CFCF19CFA8C8815AEBBF2FF84310B1984AAD985AF259D775E941CB91
                Function 010584D0 Relevance: .8, Instructions: 755COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b7d779dfd9155afc71b3d5371e38ba0d46ed6018ab0be8187029c0f83109391
                • Instruction ID: 9827bdc6b4463220875caffce4cfb8211d9b8ba304a08c8d6404a4fcfe3947c3
                • Opcode Fuzzy Hash: 0b7d779dfd9155afc71b3d5371e38ba0d46ed6018ab0be8187029c0f83109391
                • Instruction Fuzzy Hash: 2742C2716083019BE795DF1AC881A6BBBE5BF88700F08896EFEC697250D735D805CB92
                Function 01014333 Relevance: .7, Instructions: 739COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50dea3d07807784a825cd24fa7cccf53ec5b3da9fcae2708bb2cf084e016250d
                • Instruction ID: d521557cef21b7c216731256bf32a77955650cac8c094e7987e478761e314b99
                • Opcode Fuzzy Hash: 50dea3d07807784a825cd24fa7cccf53ec5b3da9fcae2708bb2cf084e016250d
                • Instruction Fuzzy Hash: F8525D71A00215CFCF08CF69C8905ADB7F2FF88310B1985AAD956EB369E738D941CB95
                Function 01010367 Relevance: .7, Instructions: 709COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 626f6b1979e7a1a3f1f7822025f2df36a666a24ac016f770bb0e2ba2303feaf4
                • Instruction ID: f4088c00acb9c501cc22ef04562fd34aba1588f8a2efc2f89777b1fd6ecb0c4b
                • Opcode Fuzzy Hash: 626f6b1979e7a1a3f1f7822025f2df36a666a24ac016f770bb0e2ba2303feaf4
                • Instruction Fuzzy Hash: A142A571A002169FDB15CF59C490AAEF7F2FF88314B14855DE5D2AB349DB38E881CB90
                Function 0100A360 Relevance: .7, Instructions: 652COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                Function 0104E41D Relevance: .6, Instructions: 644COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2110573b773ed2a7e00c9ee8cab20cb400c9aa0e7eea0e5e1bca40c22c8e7a84
                • Instruction ID: f489649aeb3c9a4a9d15e45c100b1e14202ca06528ca4abb9870aa57b7ca380b
                • Opcode Fuzzy Hash: 2110573b773ed2a7e00c9ee8cab20cb400c9aa0e7eea0e5e1bca40c22c8e7a84
                • Instruction Fuzzy Hash: A64265B5E002158FEB65CF58C881BADB7F5BF45310F1481A9E989EB241D738AD84CF50
                Function 00FDC180 Relevance: .6, Instructions: 602COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62930a0d7ccc15ced828664d2e11c61be2769382b99c516577cfa64c8926b34b
                • Instruction ID: 9addc3bad6bf7d8370ebdbdf8c72ac0baf85b76ac545d69efc25c3e5b68037da
                • Opcode Fuzzy Hash: 62930a0d7ccc15ced828664d2e11c61be2769382b99c516577cfa64c8926b34b
                • Instruction Fuzzy Hash: 8522B131E007568BDB24DF69C894BBAB7E7AF45314F18412BE8869B780D735AC41FB90
                Function 010604EE Relevance: .6, Instructions: 596COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 27316ceb335c1fa0a3435baa138b434608e3a8a81a05581f43e8bbe95d96f221
                • Instruction ID: 066e2942cfed8bed0164cd9b0b1ebab3861a481ee86f9efe8f9f9d4db632ee73
                • Opcode Fuzzy Hash: 27316ceb335c1fa0a3435baa138b434608e3a8a81a05581f43e8bbe95d96f221
                • Instruction Fuzzy Hash: 1F32C0706807518FE765CF28C05077ABBE5FF45344F18899AF5C68B28AD374E992CB60
                Function 01078509 Relevance: .6, Instructions: 584COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2921c02a16d3e65ef57a4d35f235596e7faf232669d95dfeb2f318517fbf2df
                • Instruction ID: 0596d5e6a1e53bda1c042cc5e208e45f586187a5117f4876a81c343c353281bf
                • Opcode Fuzzy Hash: a2921c02a16d3e65ef57a4d35f235596e7faf232669d95dfeb2f318517fbf2df
                • Instruction Fuzzy Hash: 8622B271E002168FDB59CF58C8846BEB7F2FF88314B2485AED5929B345DB34E942CB94
                Function 00FE0AC0 Relevance: .6, Instructions: 563COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f9a3834c7160e325d23db7550491fa0ddf082d3a84d2d2377bb9f3291d5f962
                • Instruction ID: 49c60c27447e99c6141533a41cde9f87c3983228629b6ebcc5eb98290749a664
                • Opcode Fuzzy Hash: 3f9a3834c7160e325d23db7550491fa0ddf082d3a84d2d2377bb9f3291d5f962
                • Instruction Fuzzy Hash: E822A271E002599FCF24DFA9C894BEEBBB2FF98314F280129E845A7351DB759841DB90
                Function 00FEE560 Relevance: .6, Instructions: 560COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5bedb2408d0c39b2917d0240608dc29abf584b8c68ccd4c070c0af79269e987
                • Instruction ID: fd27d152ead84cf9e605b61fcf534f7105bd658a0170553171a565a8364a3e4c
                • Opcode Fuzzy Hash: f5bedb2408d0c39b2917d0240608dc29abf584b8c68ccd4c070c0af79269e987
                • Instruction Fuzzy Hash: 5722C271A00219EFDF14DFA8C880BEEBBB5FF44310F144169E955EB281EB74AA41DB94
                Function 01078BC3 Relevance: .6, Instructions: 557COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: feff9e355300627d00c7602cb5d35ce3087d9424ee455c8c0afd8f371e6fd039
                • Instruction ID: be951bfbbca2f5bd9da2d04b03aa903bcfb5b91ac4a7aadfd46c290fc3283ab8
                • Opcode Fuzzy Hash: feff9e355300627d00c7602cb5d35ce3087d9424ee455c8c0afd8f371e6fd039
                • Instruction Fuzzy Hash: 6422C471A047128FD759CF18C894A6AB7E2FF88324F1489AEE5D6CB381D730E845CB95
                Function 0107B258 Relevance: .5, Instructions: 480COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88338a96d1ecac0508ed78ec9a8042a73fbf1c2df45869b6097e7dc6e28affa5
                • Instruction ID: ba3d376677e2a09e360a77bf87950754889ace3cdf19f66edfac794846d6317e
                • Opcode Fuzzy Hash: 88338a96d1ecac0508ed78ec9a8042a73fbf1c2df45869b6097e7dc6e28affa5
                • Instruction Fuzzy Hash: 36124D71E0025ACFCB15CF98C480AEDFBB2FF89314F288569D595AB355E730A942CB54
                Function 00FA9500 Relevance: .5, Instructions: 451COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db385b9c3e065aa03506c00d160a7c02178ca19d7808d0a88328a2fd27bb9bcc
                • Instruction ID: 92edaa5b4fb4b7d56378873642fcd96e92335f3d7bfbd1bbe68507242d04dd9b
                • Opcode Fuzzy Hash: db385b9c3e065aa03506c00d160a7c02178ca19d7808d0a88328a2fd27bb9bcc
                • Instruction Fuzzy Hash: CCF1D0B16083129FE715CF28C480A6BBBE5EF89314F04892DF8859B291DB34DD45DBA2
                Function 00FCBA90 Relevance: .4, Instructions: 447COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0aaac8135c75464d6cf57e3c8562cb8f69212f933738bd15a49dc7cc1ecee4f5
                • Instruction ID: 2c04584834ceb2b2fcc6f464eced9b3385222f324840c3d2bd5909f6135d79f8
                • Opcode Fuzzy Hash: 0aaac8135c75464d6cf57e3c8562cb8f69212f933738bd15a49dc7cc1ecee4f5
                • Instruction Fuzzy Hash: 05027C75A083528FC724CF19C692B2AB7E1FF98714F14891EF98A8B250E735DC41EB52
                Function 01093010 Relevance: .4, Instructions: 441COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f776637e4bc3e50dc108c0400df4bf93f9539daba6c72c065e1c86de0bd825e
                • Instruction ID: 83f2684c15ed096d2758d69ce56d38bd8ae655df100e14c0d96f081479a1cc16
                • Opcode Fuzzy Hash: 3f776637e4bc3e50dc108c0400df4bf93f9539daba6c72c065e1c86de0bd825e
                • Instruction Fuzzy Hash: 50F1D472E001159BCF19CFB8C8A167DBBF6FB8821071981AAD496EF391D634EA41DF50
                Function 010698D0 Relevance: .4, Instructions: 439COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5d4e0d2b9bfd6705f625ba08b828e17ac2778e38716154807b7a56b18697fd5c
                • Instruction ID: 80551a85186c08430fe5bd87c8493dfac3d1e567062e58b3c8b5fe1f7e8b5507
                • Opcode Fuzzy Hash: 5d4e0d2b9bfd6705f625ba08b828e17ac2778e38716154807b7a56b18697fd5c
                • Instruction Fuzzy Hash: A3F11531D0029A9FDB20CFACC5906FEBBF5EF45318F44845AD4C6EB681E275A946CB50
                Function 00FC0370 Relevance: .4, Instructions: 417COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96db06ee65915b620de8cbf16f2b1088c147c70aa920306a80d99d3dc3989d1e
                • Instruction ID: d2eba2513a2c203c88cffdb91439aabe611d493fe0ca35f3656f1af2082cdc9b
                • Opcode Fuzzy Hash: 96db06ee65915b620de8cbf16f2b1088c147c70aa920306a80d99d3dc3989d1e
                • Instruction Fuzzy Hash: 3DF17E71E0025ADFDB14CF98C581BADB7B1FF48320F24416AE955AB292DB35AC42DF60
                Function 0109284D Relevance: .4, Instructions: 405COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2923878aa1d1c1f3e16ddc6893c96c1865c92bbf0947375cc892ffa14e87c8b3
                • Instruction ID: 2f1341f0250e9db66992b84f58418e61326e0b4031825c0e9fa4c6807276c9fb
                • Opcode Fuzzy Hash: 2923878aa1d1c1f3e16ddc6893c96c1865c92bbf0947375cc892ffa14e87c8b3
                • Instruction Fuzzy Hash: F7E11673E001166BCF18CEA8C8A15BDFFF5BF99210B194269D496EB381D734E941DB90
                Function 01014B1F Relevance: .4, Instructions: 398COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b7f95941836e49f4ea486ae8ba709f01827b153d80e284a27582a3065fde1ce3
                • Instruction ID: d0f6aa9c699d8f10745eced03cc46557445d8f0b768087d9c9322fa749564a54
                • Opcode Fuzzy Hash: b7f95941836e49f4ea486ae8ba709f01827b153d80e284a27582a3065fde1ce3
                • Instruction Fuzzy Hash: 5CE18F72E0021A8FCF05CF68C8905EDBBF2FF89310B19816AD995EB355D734A945CBA0
                Function 00FDA6F0 Relevance: .4, Instructions: 385COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68187246c8c4749be9de75ae257186c10649b92a84d60e80274506cab19ae0e3
                • Instruction ID: 1c9b4a396701dda1b2f141d60ffef2b4f41c6ba60683b3d86a4b5d39d81793b9
                • Opcode Fuzzy Hash: 68187246c8c4749be9de75ae257186c10649b92a84d60e80274506cab19ae0e3
                • Instruction Fuzzy Hash: A8F18F70E0021ADFDB25DFA8C880BAEB7F5FF58300F2481A9D9559B246E735DA41CB90
                Function 00FC56B0 Relevance: .4, Instructions: 374COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41fc34a0413b342338d1d5b8563a9c6d00d4ade0284c4514e6bfe5398ebb989a
                • Instruction ID: acdc88ecd6b2f70d5cc08742928a5c0ecba97415315d2d06a742ae346c9b7488
                • Opcode Fuzzy Hash: 41fc34a0413b342338d1d5b8563a9c6d00d4ade0284c4514e6bfe5398ebb989a
                • Instruction Fuzzy Hash: 77F17E31E01B2A8FDB20CF54CA91FAAB7B1AB44B10F0441DDD949AB281DB75ADC4DF51
                Function 00FD19F0 Relevance: .4, Instructions: 365COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c3a19b31e581c870456c98303d5a3a8433b6845a8590ba3f7b77c7de82ee5645
                • Instruction ID: bddfb997ada8ae4a2441cc55e0731abc1b14d66f784e767a0a9bc37d651324ae
                • Opcode Fuzzy Hash: c3a19b31e581c870456c98303d5a3a8433b6845a8590ba3f7b77c7de82ee5645
                • Instruction Fuzzy Hash: 4FD17472E01219ABDB14CF98C9807EDB7B3FB84724F29426BE815AB341D7359D41EB90
                Function 00FE1300 Relevance: .4, Instructions: 351COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 59b06f03d4d06f354e72b51404e8fb52b01fb30801b06b88dca59cf7936ab7d5
                • Instruction ID: a5beffd9584b467c638b4b5c4d65ccec6e849a605387e5f5476a187a64ec2f99
                • Opcode Fuzzy Hash: 59b06f03d4d06f354e72b51404e8fb52b01fb30801b06b88dca59cf7936ab7d5
                • Instruction Fuzzy Hash: 73E1A075A00259CFDB18CF5AC880AADB7F1FF88310F688199E956EB391D734E941DB90
                Function 00FE2E60 Relevance: .3, Instructions: 349COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8fc8640347049ef481ea228778ea0fba5ff5a12a5c7147efb59ed23f5a83af2
                • Instruction ID: 1188b24bea42587cdbd909e6323f158a3d3ab0aad40f3577efc6d8be840120ba
                • Opcode Fuzzy Hash: f8fc8640347049ef481ea228778ea0fba5ff5a12a5c7147efb59ed23f5a83af2
                • Instruction Fuzzy Hash: 0FB15A33F105B487EF9C8A19C8A537D6667EFD5324F19C26AD9538F3D9D6388900A341
                Function 0108199F Relevance: .3, Instructions: 331COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32e5276e110a07e2760a9ff7163b3d0434977c88351b69b7e275fd8bdfe3bd3e
                • Instruction ID: 22b2c36bbb8c7de923ef32797a36cc8e413d5ce2633755b487698048545c6849
                • Opcode Fuzzy Hash: 32e5276e110a07e2760a9ff7163b3d0434977c88351b69b7e275fd8bdfe3bd3e
                • Instruction Fuzzy Hash: 3FC191312087069FD765EF28C841B6AB7E6EF84314F048A6DF5E6C7290D778D906CB51
                Function 01013887 Relevance: .3, Instructions: 329COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fdf9085052f17dc08624c3933af9005e424b738cfe30fd28b32accb984728781
                • Instruction ID: 320a7970072983f653665edce646b01b05e5c74c601c1b2b9f571f7d4349ce4c
                • Opcode Fuzzy Hash: fdf9085052f17dc08624c3933af9005e424b738cfe30fd28b32accb984728781
                • Instruction Fuzzy Hash: BBD16F72E002268BCB14CF59C4815ADFBF1FF48324F2585AAD985EF349D7789981CB94
                Function 0103E259 Relevance: .3, Instructions: 320COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ee7286a3629de57f4131d70a83182f815931521e62350aed2b0902102307905
                • Instruction ID: e43d723cd1723b7cd437c79828d8c31ea68ce2e6cf8702b0b60d67d649d674bd
                • Opcode Fuzzy Hash: 1ee7286a3629de57f4131d70a83182f815931521e62350aed2b0902102307905
                • Instruction Fuzzy Hash: 0FB19371A00209AFDB64DF58C940EAEBBFEFFC5304F108569A98297791DB35E906CB50
                Function 00FF4A0D Relevance: .3, Instructions: 318COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2551061e8fa0eb3ddb972a11b4e7183a2f0ca0577e505c812db179e21fcc9f81
                • Instruction ID: 7c0dd449f122a243ba8d3a62e849eb7e63b6c611d898bd1c0e88a51f7e14a0cf
                • Opcode Fuzzy Hash: 2551061e8fa0eb3ddb972a11b4e7183a2f0ca0577e505c812db179e21fcc9f81
                • Instruction Fuzzy Hash: 1ED14A719012049FDB51DF68C980BA67BE9BF88300F1444BAEE49DF21AE735E945DBA0
                Function 010127EA Relevance: .3, Instructions: 308COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a26ee0d1ee42a9abaf769af07e42890919bba77ed9d1aa2b3c1631e250a04990
                • Instruction ID: 45bfb8796350e8da0981810629f0d47e16161f39ab6f3478a5bed20d18e0fafb
                • Opcode Fuzzy Hash: a26ee0d1ee42a9abaf769af07e42890919bba77ed9d1aa2b3c1631e250a04990
                • Instruction Fuzzy Hash: 21B15F72E0021A9FCB19CF6CC9915ADBBF2FF88210B29856AE995E7354D734AD01CF50
                Function 00FAC5BE Relevance: .3, Instructions: 287COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aa0ab8c6df1a37ae4b8d107ca65f4b7862fc197ced9de83487a86c6d858a10e1
                • Instruction ID: 9f5b511ac77dbfc4b32ecc08d65ccfa60d354ffd32132d1ab5cc641efac489ee
                • Opcode Fuzzy Hash: aa0ab8c6df1a37ae4b8d107ca65f4b7862fc197ced9de83487a86c6d858a10e1
                • Instruction Fuzzy Hash: 56A13F71A00659AFEB129F58CD46FBF7BB9AF45710F010054FA40AB2A1DB79DC10EBA0
                Function 0108C100 Relevance: .3, Instructions: 280COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d79074290f48ed65d2c50fb3dc543fe2ae9522820ea190724136da6441bebe2
                • Instruction ID: 78ec35e1e30a2e91f853b838483df8e78a75e86748b8b105a6f4106c5d95c99e
                • Opcode Fuzzy Hash: 3d79074290f48ed65d2c50fb3dc543fe2ae9522820ea190724136da6441bebe2
                • Instruction Fuzzy Hash: A8A1FD726086029FE721EF58CA81FAABBF5EB48300F54456CF5C997661C738E841DBA1
                Function 00FD705C Relevance: .3, Instructions: 277COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cd17e40d8b0566264216d3acf498199e8dedce0ba289035bc1e357534b27db98
                • Instruction ID: 20571f5d11f88af831cf4709828ea514e50af70c88f80ec11a489f7fa80edc14
                • Opcode Fuzzy Hash: cd17e40d8b0566264216d3acf498199e8dedce0ba289035bc1e357534b27db98
                • Instruction Fuzzy Hash: C5A11571A047459FDB11DB68C881BBEBBFAEF44300F280195E992DB382EB75D901EB50
                Function 00FF418E Relevance: .3, Instructions: 269COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 9a1417603215fa2e53ec9448b320b9ee56d463c8a41533b14fb635b2ebf457c9
                • Instruction ID: 8bd2bb9b27060ae1840624280b04b0dce5a076c1d9deea553b9cd9e9537ddf8c
                • Opcode Fuzzy Hash: 9a1417603215fa2e53ec9448b320b9ee56d463c8a41533b14fb635b2ebf457c9
                • Instruction Fuzzy Hash: B6A1BF75A0061A9BDB24DF69C881BBBB7A5FF54324F184129EB45D73A1DB38BC01EB40
                Function 0103C0A0 Relevance: .3, Instructions: 263COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 531ae57ba737c530728acdbd27564e35974a5a539b8079882bf4e9599f91f1e1
                • Instruction ID: 1ff36747c5a9c7ef621ff7a96293aaa25d260371385b51c22471148ca6319de0
                • Opcode Fuzzy Hash: 531ae57ba737c530728acdbd27564e35974a5a539b8079882bf4e9599f91f1e1
                • Instruction Fuzzy Hash: 8291B471D00215AFEB15CF99CD85BAEBBB9AF89710F14406AE644FB240D734DE00ABA0
                Function 00FE8C30 Relevance: .3, Instructions: 262COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: faaef1e3f08dbb789bcdfa4851b9d34b1d366ba4b286e6100487f27555d7eea0
                • Instruction ID: 18af37a1e10eef795774ecc0e734ba65e790b863ed515e2422ac05b0b7fd0cbc
                • Opcode Fuzzy Hash: faaef1e3f08dbb789bcdfa4851b9d34b1d366ba4b286e6100487f27555d7eea0
                • Instruction Fuzzy Hash: A3913B32E042A98FDB219E6DC8C02ADBBA0EF62340F3445B6D986DB341C674DD47E791
                Function 01073548 Relevance: .3, Instructions: 262COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1fd669a9d05b553efb8e336f513ce017a8719f0441d04f8b27cd889bd62146b1
                • Instruction ID: bf2a89f788fcad51dc692db38ef719a0559fb0a75e06970ea8792c118392c732
                • Opcode Fuzzy Hash: 1fd669a9d05b553efb8e336f513ce017a8719f0441d04f8b27cd889bd62146b1
                • Instruction Fuzzy Hash: 01A19D75E0020E9BDF14DFA8D4919EEFBB5FF58300F144029E582AB341E734A946DBA8
                Function 00FBE055 Relevance: .3, Instructions: 260COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d26bacf46a4bfac0fb0684f0689b01ac1e7999aace5d0f55174b6f64fabbd646
                • Instruction ID: 5b724a1e134ebe807467dfb87a159a200d81885aa6270c2592df31173c5601b7
                • Opcode Fuzzy Hash: d26bacf46a4bfac0fb0684f0689b01ac1e7999aace5d0f55174b6f64fabbd646
                • Instruction Fuzzy Hash: 8891F731E00225AFEB31DB99CC48BEEBBB5BF04754F150265EA50AB2D1C7789D40DB91
                Function 01086FDA Relevance: .3, Instructions: 259COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d14a5832a927378c34eef55910ee0e39acd9b75cdf165a550c9b9cec49227d65
                • Instruction ID: e9eb8685103bd193bb22084315ec11157b00be4687851e86849d04c4f5461e17
                • Opcode Fuzzy Hash: d14a5832a927378c34eef55910ee0e39acd9b75cdf165a550c9b9cec49227d65
                • Instruction Fuzzy Hash: 08911931A086059BDB55DF6CC84077ABBE2EF84310F2885A8E9D5CB38AD775E901CB90
                Function 01086C1B Relevance: .3, Instructions: 258COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3fc507822f30cf3e0e226a159e78a3cface37f52d08f7b6f739bf7508c2bae56
                • Instruction ID: 58fbdd1ba2de36e0c59488c6a2750ac1e6ba83a8ab15777ec9c9abd4573826c8
                • Opcode Fuzzy Hash: 3fc507822f30cf3e0e226a159e78a3cface37f52d08f7b6f739bf7508c2bae56
                • Instruction Fuzzy Hash: 34A1D472A106158FDB18CF68C8916BEBBF1EF88310F1986A9D8D5DB386D735E441CB90
                Function 00FE83EC Relevance: .3, Instructions: 256COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3c2e4820cdc1fe2f75a0fac49252ec9ce56804c8a8f914db144c632e903d3a2
                • Instruction ID: e3be752ef86953b7d82e132186868af4f347905325cc9cfaeb68b814d194fbac
                • Opcode Fuzzy Hash: e3c2e4820cdc1fe2f75a0fac49252ec9ce56804c8a8f914db144c632e903d3a2
                • Instruction Fuzzy Hash: 36B11575E002598FDB54CFA9C980AADBBF1FF48300F18846ED959AB352D731A942DB50
                Function 01002230 Relevance: .2, Instructions: 240COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c82ebb8f67976932b9cd1a481c456d1554a6078df36200107dd85026fac25e00
                • Instruction ID: a44d35c19c46c342ac657df27ca6a6907c12ef30a22cce3f3c146c03abc1d2cb
                • Opcode Fuzzy Hash: c82ebb8f67976932b9cd1a481c456d1554a6078df36200107dd85026fac25e00
                • Instruction Fuzzy Hash: 7C913A72510A028BF76ACE2DC889766BFE0FF45328F258A58D5EAC76E0C735E551CB00
                Function 0107475C Relevance: .2, Instructions: 236COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e4fc5ec6c60505f3cca492772d1b2ac5f6cc625dd17f353231434ba451e739c2
                • Instruction ID: 27bd3eac6a3715841c5a19d5f95dfb7c12650ff182802b5ca98756632e2367a6
                • Opcode Fuzzy Hash: e4fc5ec6c60505f3cca492772d1b2ac5f6cc625dd17f353231434ba451e739c2
                • Instruction Fuzzy Hash: 2891C074D002569FDB25CF59C480AAEFBF1FF49720F14819AE595EB282D3708882CF98
                Function 0101714A Relevance: .2, Instructions: 236COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e07f41b346816b5bd5cdf22349ca3cb49b1fbb6240cdd8089018df1292d7aa9
                • Instruction ID: cdc7a3cf501801724d663729e4a5bf3b1b99c31d76f866ed9e476ea11ee65567
                • Opcode Fuzzy Hash: 6e07f41b346816b5bd5cdf22349ca3cb49b1fbb6240cdd8089018df1292d7aa9
                • Instruction Fuzzy Hash: CF916E72E001158FCB58CF69C891AAEFBF5FF5C310B19856AE856EB341D638E941CB90
                Function 0107F5C2 Relevance: .2, Instructions: 236COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1cdb14bca666b2ade20f99692d78b869caebbf3989ceb546462c2bbbc4898013
                • Instruction ID: 79844f4d53cee8817185bd6339e5367a6406bd115ceec974c834da00b31c100b
                • Opcode Fuzzy Hash: 1cdb14bca666b2ade20f99692d78b869caebbf3989ceb546462c2bbbc4898013
                • Instruction Fuzzy Hash: 40816172E0011B8FCB58CFBCC8805BDB7F2BF88220B294269D5A5E7391E774A951CB54
                Function 00FD799E Relevance: .2, Instructions: 229COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21e3e1d6448ced0696f94596564b699c7502716035e2b469bc7edd28c2a40594
                • Instruction ID: 9635f92e269d887433d3c88f226f55fc01c3abd884c68dd120bc4d37ed88900e
                • Opcode Fuzzy Hash: 21e3e1d6448ced0696f94596564b699c7502716035e2b469bc7edd28c2a40594
                • Instruction Fuzzy Hash: 2281F532A042569FCB14DE69C8909BEBBB3FF81350768815AE8559F345E734EE01EB90
                Function 0108219B Relevance: .2, Instructions: 224COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ccb52d750aecb7da1163907fe91ed1ad57b9d16193bdd3d3d14d5588fdbb4322
                • Instruction ID: b9ea8ff7e15fed12e3d621f019415cf04a1af7f9a52db9f50942b8c1d65dbc80
                • Opcode Fuzzy Hash: ccb52d750aecb7da1163907fe91ed1ad57b9d16193bdd3d3d14d5588fdbb4322
                • Instruction Fuzzy Hash: 08819231A0420A9FCF59EF98C590AAEB7F2FF88300F148169D995AB345DB74D902CB50
                Function 00FE28F0 Relevance: .2, Instructions: 216COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 07992d6ff624d9af035eeadab1bda059c779c8ced7b5c7ac64aa33d11dbb0d4f
                • Instruction ID: 7ced9d3d66f7a25d751c63c9d9b9fee82040966c4d488340bf7e07d9908f5e18
                • Opcode Fuzzy Hash: 07992d6ff624d9af035eeadab1bda059c779c8ced7b5c7ac64aa33d11dbb0d4f
                • Instruction Fuzzy Hash: 1F819072E0027A8BDF55CF68C9807EDBBF6FB84318F298169C856B7205D6359940DB90
                Function 010721BB Relevance: .2, Instructions: 215COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87935040c37bf9038c42da4d21236c07fb6dc1801c7b22c9b35e65d58a2be513
                • Instruction ID: 99cf03f6a40253594afec4c4bee47cd6bffca91db371e4dc613e26a3f4938a1b
                • Opcode Fuzzy Hash: 87935040c37bf9038c42da4d21236c07fb6dc1801c7b22c9b35e65d58a2be513
                • Instruction Fuzzy Hash: 52719631E0011A9BDB54DF59C491ABEB7FABF40740F18C0AAEDC1AB241D735D981DBA8
                Function 00FF6520 Relevance: .2, Instructions: 215COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 974b4d5ad8362f6c95a72adf9fe8e6bb0b3bd628cf942af9bd75b23a56bde579
                • Instruction ID: ad8e8e99b445d2600ec79869926629e3c80ae0795270b430dbc98cab8a45f6d8
                • Opcode Fuzzy Hash: 974b4d5ad8362f6c95a72adf9fe8e6bb0b3bd628cf942af9bd75b23a56bde579
                • Instruction Fuzzy Hash: 97710571A007488FDB11CF7988417BEBBF5AFC4314F18461DE696E72A1DB7899019B90
                Function 01016813 Relevance: .2, Instructions: 213COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b99d866e8d62836060248a8809fc500cf6298a6367245ea5d58d9abfd98b81c5
                • Instruction ID: 5127eb475b372bece27a5fa7a8af265497e48872f012b9923d235d711e226028
                • Opcode Fuzzy Hash: b99d866e8d62836060248a8809fc500cf6298a6367245ea5d58d9abfd98b81c5
                • Instruction Fuzzy Hash: B78150B1B0060AEFCB18CF6DC8809ADFBF6FF48310B248669D485D7648D775AA51CB94
                Function 00FE10F0 Relevance: .2, Instructions: 213COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be66e93723e7cce16ba7a3bb7ac2506d3b1580e3305e864cc2487e8a49024527
                • Instruction ID: dec8ac98fcda6bffa99670d6beb705eb88b806228b8389be0fbeb2b635027369
                • Opcode Fuzzy Hash: be66e93723e7cce16ba7a3bb7ac2506d3b1580e3305e864cc2487e8a49024527
                • Instruction Fuzzy Hash: F87127357042A09EE764CE2BCC8077673E6BB84714F24855DEAC6CB2C5D779E806EB60
                Function 00FF2227 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df65a9d002f60e9f40199bab46fd16d20630644798b95f11338ad4ad821d507a
                • Instruction ID: 4df1776173ce34f34d58930958984d0f24ae7a993c1f1244d2cefb8a751a3117
                • Opcode Fuzzy Hash: df65a9d002f60e9f40199bab46fd16d20630644798b95f11338ad4ad821d507a
                • Instruction Fuzzy Hash: 5D81A171A00609AFDB51CFA8C880FEEB7FAFF48354F144429E696A7260DB74AC45DB50
                Function 0107EDD5 Relevance: .2, Instructions: 206COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb9f719cd2382b07746779e3c5d06faad794db15103217923203744e343e0535
                • Instruction ID: 3a9ebf2d03f41898f3ae35f92fb2c4d8088cea3d1f097a7838e511b70bc85979
                • Opcode Fuzzy Hash: fb9f719cd2382b07746779e3c5d06faad794db15103217923203744e343e0535
                • Instruction Fuzzy Hash: 1D719275E002199FCF54DF69C880ABEBBF2EF88300B0481A9E995E7345DB34D945CB64
                Function 010751E5 Relevance: .2, Instructions: 204COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10324540998592aa4a498e56ddf0a82fd7664ffa0e5d7f6631bcb2efc78bf1b7
                • Instruction ID: cbc96106e599743a02338acd43a5b8710168fb799a7a45f38b1f7ff6115496cd
                • Opcode Fuzzy Hash: 10324540998592aa4a498e56ddf0a82fd7664ffa0e5d7f6631bcb2efc78bf1b7
                • Instruction Fuzzy Hash: 7071F872E002119BDB18CF68C8917ADBBF1EF89310F1981A9E996DF385D735D902CB94
                Function 0106C4F3 Relevance: .2, Instructions: 202COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3ef4e85f07f5dc9210cba412914b8228423f9235c877e4bb5adc104e3e1eba3
                • Instruction ID: d3195b9f8e067fa996f4af2594e6e42940dbedb4b47115528d7c84b2c1aec24b
                • Opcode Fuzzy Hash: e3ef4e85f07f5dc9210cba412914b8228423f9235c877e4bb5adc104e3e1eba3
                • Instruction Fuzzy Hash: CA61F471A0021A9BFB218E6CCA40BEE77FDEF48754F044169E9D1E7291D738ED418BA1
                Function 00FF09A7 Relevance: .2, Instructions: 200COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50a753b2b165d479c19197360bb4f4a06072647c725694f31fd5eb0c18452207
                • Instruction ID: a57a4b82cfcdd374f19fb175c0e2d5889c7eebd2ee494c02411b87fe52ce380c
                • Opcode Fuzzy Hash: 50a753b2b165d479c19197360bb4f4a06072647c725694f31fd5eb0c18452207
                • Instruction Fuzzy Hash: 27619071E0024A9FDB18DF68C882BBEB7B5FF48324F154169E615EB2A2DB349D01DB50
                Function 0104C710 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 83a942647b86d6ba9a5d4a312374053135ddea5ecea51493f1f915772b4f0777
                • Instruction ID: d73223f8a96572f6b56e5315e9d7b79b1de6812dc9014c3b3554ff99155bc1fd
                • Opcode Fuzzy Hash: 83a942647b86d6ba9a5d4a312374053135ddea5ecea51493f1f915772b4f0777
                • Instruction Fuzzy Hash: 767111B6201701AFF722CF18CA85F6ABBE5EF44720F14483CE686972A1DB75E844DB40
                Function 00FC08C0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7b3ae85a450427bcb6dfdef0b4393ab16b9154d0270101271d22255c0866a30
                • Instruction ID: 2993a1b8ce85041b1023e7f39e998e3b845bd95691a52426233ebe8db0eea323
                • Opcode Fuzzy Hash: f7b3ae85a450427bcb6dfdef0b4393ab16b9154d0270101271d22255c0866a30
                • Instruction Fuzzy Hash: B4816B36605702CFCB65CF58C680F2AB7E5BB88310F24886DE9858B756CB35EC46DB91
                Function 01078148 Relevance: .2, Instructions: 190COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9779803b2019b284f70ae16c0d9a9c1326911b5aaf37efe3026484b3666029bc
                • Instruction ID: 05c415b7fc96cca3ddaaa0c88a9bf763089a49e0f8d86c2a1e675a58a666f92f
                • Opcode Fuzzy Hash: 9779803b2019b284f70ae16c0d9a9c1326911b5aaf37efe3026484b3666029bc
                • Instruction Fuzzy Hash: 00815D75A00245CFCB09CF68C484AAEBBF1FF58310F1581AAD859AB355D734EA41CBA4
                Function 0100C5A0 Relevance: .2, Instructions: 190COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de2a2282e06c0496dd1f8fedfcf03ffc2b415fac3b133e366b262986d748c7a9
                • Instruction ID: f0f5fb054be5a0e140119092e969e6083005eb551ec86af9e72ae2bd338e4d5b
                • Opcode Fuzzy Hash: de2a2282e06c0496dd1f8fedfcf03ffc2b415fac3b133e366b262986d748c7a9
                • Instruction Fuzzy Hash: D791ACB19193958FE370CF19C581B9ABBE8BB89700F008A6EE5C9C7250E7B09544CF92
                Function 010875A1 Relevance: .2, Instructions: 184COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c77380e4e3cc9bbb54a89f971801277ec669b002c192e522abe166aafe4f4261
                • Instruction ID: 8ae09593ae8014c4211e3013eefa39993984ac7b1526b494674eb7ed16a98490
                • Opcode Fuzzy Hash: c77380e4e3cc9bbb54a89f971801277ec669b002c192e522abe166aafe4f4261
                • Instruction Fuzzy Hash: 5961E071E0421A9FCB14EF68C8859AEFBF5FF48310B248669D895EB285D731AD11CB90
                Function 01084506 Relevance: .2, Instructions: 180COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e948073867338cafa09cbe2cd5c2c0351e0b27917a1ab115d38347d44014580
                • Instruction ID: e857a4a3db0c2927e6356dcc349e376d775088b73f5b58346d17d3d1c8b08694
                • Opcode Fuzzy Hash: 4e948073867338cafa09cbe2cd5c2c0351e0b27917a1ab115d38347d44014580
                • Instruction Fuzzy Hash: E651583260C6438BDB55EE2C88907AEBBD6AFD4210F0985ADE9D5CB347DB30D905C7A1
                Function 0105A490 Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e48240d9b98955029075b627c669d8cb19c2b4f86b904e22c59ebfa692d4a36f
                • Instruction ID: 5caddedc57a2c059f2aaad84b7a883d5ede4a28881b198b57d28c99f460a3290
                • Opcode Fuzzy Hash: e48240d9b98955029075b627c669d8cb19c2b4f86b904e22c59ebfa692d4a36f
                • Instruction Fuzzy Hash: 57518F717083029FDB94DF2CC841A6BB7E5EBC8314F158A6EF996C7250EB34D9058B92
                Function 010807BD Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e255f7c086f2be8beaea38d9d1bc54d2fe08eebb8cc410e58658dae13dbab14f
                • Instruction ID: 2c67b444c5ee08f6a119e1c9e755e95f8e8ea47d3460f8c665294f45914846e3
                • Opcode Fuzzy Hash: e255f7c086f2be8beaea38d9d1bc54d2fe08eebb8cc410e58658dae13dbab14f
                • Instruction Fuzzy Hash: DC610531618742CBE311EF28C844BAABBE0BF90704F1804ACF9D58B295DB75E949CBC1
                Function 00FAA049 Relevance: .2, Instructions: 171COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd82234dd6c3d83dc468327e12a8d236a055a541aa78eb4c6ba8e32aac830ff5
                • Instruction ID: 8c62174042e30feccefd0cd7d633e9f49a281e011d66a88d2a29c4fc9d490874
                • Opcode Fuzzy Hash: fd82234dd6c3d83dc468327e12a8d236a055a541aa78eb4c6ba8e32aac830ff5
                • Instruction Fuzzy Hash: 084122B2600701ABDB299F29DD42B27BBA5EF45720F10847DF599DB251D738AC01EFA0
                Function 01056210 Relevance: .2, Instructions: 168COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50b8348c9053b75e9e875a7885b94bd3c831726d906fc065650d13358e9191cc
                • Instruction ID: 9965c9285523121488c43eb9c0bce413575a58161d1336307af1e6ab1f18fa92
                • Opcode Fuzzy Hash: 50b8348c9053b75e9e875a7885b94bd3c831726d906fc065650d13358e9191cc
                • Instruction Fuzzy Hash: A2510531A001A04FCF5A8F6A84905FDBFF1DE8121675D80EAE9D6D7283C6369589EB30
                Function 0105E950 Relevance: .2, Instructions: 162COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d410b691bfa8f92a148a9545b43071f454317e688321c48cad17faebe730a71
                • Instruction ID: f68942610102b2c9780b30681fc818e09341e34068fdf26a65274564b80f553e
                • Opcode Fuzzy Hash: 7d410b691bfa8f92a148a9545b43071f454317e688321c48cad17faebe730a71
                • Instruction Fuzzy Hash: B351F1709007059FD761CF69C884AABFBF9BF84710F10461EE9D2976A1C7B0BA45CB50
                Function 00FA6581 Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23c3b69735c1b410dfedc4a903101bf75e135be3ecf2af4806e5be7666b68d04
                • Instruction ID: b5b5bb092bf3a90475066bcff74fac792967625e04baededa1b23320fde0009d
                • Opcode Fuzzy Hash: 23c3b69735c1b410dfedc4a903101bf75e135be3ecf2af4806e5be7666b68d04
                • Instruction Fuzzy Hash: D651BF71604342AFD722AF24CD42B2BBBE4EF44710F18082DF5D587252E739E844EB91
                Function 0105A680 Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc1ba43f655f7794368260f95785ff8bde95e5238fdb1c87fe9a455875b9209c
                • Instruction ID: 1c97032780c578daf4e83b487cba8d6dc9437e58d3b6536806cc9bf93140ea4c
                • Opcode Fuzzy Hash: cc1ba43f655f7794368260f95785ff8bde95e5238fdb1c87fe9a455875b9209c
                • Instruction Fuzzy Hash: E45124716083419FD790DF28C980A6BBBE5FF88704F144A2EF9D9D7250EB30D9068B92
                Function 0107F13D Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4d8ce3311861de975908d9b7020b9b15e971f27a18cb4247b52ea238cea38fd
                • Instruction ID: dd747298f444f97f58a10474ed3e6d0e8bbb3ef041d66bfc35d44d66b56b7ce9
                • Opcode Fuzzy Hash: f4d8ce3311861de975908d9b7020b9b15e971f27a18cb4247b52ea238cea38fd
                • Instruction Fuzzy Hash: C751A175A1014B8BCB08CFACC4816AEBBF2FF98310F15816AD955D7355EB34D616CB84
                Function 00FF23EF Relevance: .2, Instructions: 157COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 748d1f7e0f8d29b81c78c10d0a78fb28974fb17bd970c59d038326a49bc71495
                • Instruction ID: 6f52c3013d8f860566ff623594d67b8a653ba8d8908e61fbbd2c81dd622ba9e0
                • Opcode Fuzzy Hash: 748d1f7e0f8d29b81c78c10d0a78fb28974fb17bd970c59d038326a49bc71495
                • Instruction Fuzzy Hash: 5D518D72600A09EFCB61EF64CA81F6AB7B9FF04740F500469E68297662D778E905EB50
                Function 01034230 Relevance: .2, Instructions: 157COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6e4a97b968a367cc8cdef10dbfd1c246d57af88a8836a56c51b3ef092e4acb7
                • Instruction ID: 2fa82cc9de3a11eed42e97fe31710f334acdc4a771475929fd8afaf2e3f24d92
                • Opcode Fuzzy Hash: a6e4a97b968a367cc8cdef10dbfd1c246d57af88a8836a56c51b3ef092e4acb7
                • Instruction Fuzzy Hash: 8E510274600216DBDB14DFA9C480ABDBBFDFF81700B1481A9E981DF681EB74D990CB90
                Function 01034000 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 380c494615fa7f943942649350ebc811d673cf1a9ecf5c0daf7dc9b3a2207b8c
                • Instruction ID: e39e25527ba9d9ac1e97478c726f5a01432d49ba15edb4fb4a73fb5efc4fda1f
                • Opcode Fuzzy Hash: 380c494615fa7f943942649350ebc811d673cf1a9ecf5c0daf7dc9b3a2207b8c
                • Instruction Fuzzy Hash: FE41E5726047169BCB219F69CD42ABB7BEDEF94744F000469FEC0CB251E639C805E7A1
                Function 00FF0570 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fffbbcd75db3fc1fef7f67353af51fcb172ce840d00463cb6b668033541dfa5e
                • Instruction ID: f062bf227d9a29071e0a5c6932029353729886a34a1c54efe832ea2e4fc454c2
                • Opcode Fuzzy Hash: fffbbcd75db3fc1fef7f67353af51fcb172ce840d00463cb6b668033541dfa5e
                • Instruction Fuzzy Hash: F051B336A0020F8ADB24EE19C940B797795AF80371F2845AAEA05CA173DE31E880FF51
                Function 00FEEA40 Relevance: .2, Instructions: 155COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1fe995e4842213adc793ea5c400241bfaf6a5dece9784c22f1e30f16b644d9e
                • Instruction ID: a2ce219ba61f1c15958822d1c9f7297a6d9f8e481691581effc6ae08092b2cef
                • Opcode Fuzzy Hash: a1fe995e4842213adc793ea5c400241bfaf6a5dece9784c22f1e30f16b644d9e
                • Instruction Fuzzy Hash: A65101B15042659FD730EF64CD81F6A37A8EF80764F040A2EF595872D2EB39E800DBA5
                Function 01044B50 Relevance: .2, Instructions: 154COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1491dd0757acf2dde68890cb6cb83564b7d00f315ec40be43be9c130865619fa
                • Instruction ID: f7f9c953d0c27c730a8bcbfa748a17cc93cef33fd98912f42329292106256fae
                • Opcode Fuzzy Hash: 1491dd0757acf2dde68890cb6cb83564b7d00f315ec40be43be9c130865619fa
                • Instruction Fuzzy Hash: 5D51F4B190020DABEF619F94CDC5BAEBBF9AF00324F194275E690E7290D7349E40DB94
                Function 00FB82B6 Relevance: .2, Instructions: 153COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a675649f0692467bc796a9d80514c3bd3b258294e9e4b8481408cc6d9ed5355
                • Instruction ID: 4ba3edd1b7e151af9585e4c0e5f802268bed783959ee5bd8dc19e0dc04094d87
                • Opcode Fuzzy Hash: 3a675649f0692467bc796a9d80514c3bd3b258294e9e4b8481408cc6d9ed5355
                • Instruction Fuzzy Hash: EE519E716083419FC300DF19C885AAABBE9FFC8354F14492DF9A9C7282DB34D906DB92
                Function 010848F8 Relevance: .2, Instructions: 153COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e5a5f567a5894f13847576c9523cb0a617c5748a817925f7ce9de60b7f9f74a2
                • Instruction ID: ae8f1e240bd369be49d085b5ac59d0ae90eca038f6ea154db32570bb5abdf2a5
                • Opcode Fuzzy Hash: e5a5f567a5894f13847576c9523cb0a617c5748a817925f7ce9de60b7f9f74a2
                • Instruction Fuzzy Hash: 3E5167726083429FD710DF68C880B6ABBE9FBC8254F04892DF9D5CB241D734E905CB96
                Function 00FE08B0 Relevance: .2, Instructions: 151COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 620f522c41e748b0fa340b10e725ffe03fdf3df7b0eb5f0f0d9d6ea3a35bd456
                • Instruction ID: fe02f4c76b5f949b688344a734541866ccd2dce792e0fd5850d7e9137ac71479
                • Opcode Fuzzy Hash: 620f522c41e748b0fa340b10e725ffe03fdf3df7b0eb5f0f0d9d6ea3a35bd456
                • Instruction Fuzzy Hash: A8413532B00365ABEB219E9ACC52F6E77B1AF44764F144428F5459B343DAB8CC80EB94
                Function 0107E8F1 Relevance: .2, Instructions: 150COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1103298541110f481d4209586ea69c34d6651a71f7d1c0958805ed3050a1272e
                • Instruction ID: 6eb7bba07a6be7553e46660e73bb96d34743f59b2a6cf96421f1ee1201782ec9
                • Opcode Fuzzy Hash: 1103298541110f481d4209586ea69c34d6651a71f7d1c0958805ed3050a1272e
                • Instruction Fuzzy Hash: 9D51E532E0021AABDF55DF68C8806BEBBF5FF48344F1441A9D995E7241DB34AD11CB84
                Function 00FBCA53 Relevance: .1, Instructions: 149COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e659f632d185fd670e8c7814df0ba0605ad42650456021f1239660d266f4100
                • Instruction ID: 39d63589ec8ac350054c247a913ee06b33cdbd02f03759ea73006a6ef3b3396f
                • Opcode Fuzzy Hash: 3e659f632d185fd670e8c7814df0ba0605ad42650456021f1239660d266f4100
                • Instruction Fuzzy Hash: 38519C72A04215DFEB21DFAACC81BEFB7B4BF44354F248019E941E7251D7789840AF90
                Function 00FF61B5 Relevance: .1, Instructions: 144COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 593c9e9461f71315c167d4aa311b157727517bf0edebf883a73715052463e8fd
                • Instruction ID: 8125e9496cfb86906adf6ec7a3ea332e048f3bc4b2dee489bb12aedc8585a130
                • Opcode Fuzzy Hash: 593c9e9461f71315c167d4aa311b157727517bf0edebf883a73715052463e8fd
                • Instruction Fuzzy Hash: 0A418271A01208AFDB21DF54C941FAABBB8EF44754F10846AFA45E7250DB74AE01EB90
                Function 00FBA8A6 Relevance: .1, Instructions: 144COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c774b81dc7da430390106851ccde35ad7e613c67701efeac02b908f44c2208af
                • Instruction ID: 94b5c46d52641e006b0b452d79a3283d14d3022757ac6d7195c99da9f6a4390e
                • Opcode Fuzzy Hash: c774b81dc7da430390106851ccde35ad7e613c67701efeac02b908f44c2208af
                • Instruction Fuzzy Hash: 9E51AC71A00616DFCB20DFAAC480BAEBBF1BF18310F21855AD595E7345DB34A940EFA1
                Function 00FF2908 Relevance: .1, Instructions: 143COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2391787063ec51b3d7caacbbf1bce93079b36868dc5e489ad218fe87df5e0537
                • Instruction ID: 1174d0680bcac8b295396c1520970790685cc898280716863c25344212d5c5a5
                • Opcode Fuzzy Hash: 2391787063ec51b3d7caacbbf1bce93079b36868dc5e489ad218fe87df5e0537
                • Instruction Fuzzy Hash: EB418572D0012BABCB619B98C941EBFB7BC9F08754F1501AAFA44E7211D678DE01A7E4
                Function 00FCC1A0 Relevance: .1, Instructions: 141COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c3d2f488b02cd9200ead060c7b21ac0752dc2a7ad274cde0364c7c150beeffe
                • Instruction ID: 35829e5bee5d85ecdfb9c5524fba14775db246f145eb8e69a8e1725bf94166e5
                • Opcode Fuzzy Hash: 5c3d2f488b02cd9200ead060c7b21ac0752dc2a7ad274cde0364c7c150beeffe
                • Instruction Fuzzy Hash: D751B432A007929BD326CB9DDA46F667BD5EF80750F09816DFC588B291D778DC00D690
                Function 00FF68EA Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f37e1a7b99f57258e354914413412004348cfd945c7642002e6996717bbe121
                • Instruction ID: a0f4ea55eaa1a0dbea0fb896d93b5ba3f79202f76229c5012960fe8b368e02fb
                • Opcode Fuzzy Hash: 1f37e1a7b99f57258e354914413412004348cfd945c7642002e6996717bbe121
                • Instruction Fuzzy Hash: 84513776A00215CFDB51CF99C580AAEBBF5FF88710F2441A9D955EB391D730AE42CB90
                Function 00FA6320 Relevance: .1, Instructions: 136COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 942b9c539ea19f2db0180b660663215edaac013e7e01731f433d990ebb063dc7
                • Instruction ID: 2120c9723937047bec599e4bd67d460fe76835c6fa59c5f0b39f55fe5834efa6
                • Opcode Fuzzy Hash: 942b9c539ea19f2db0180b660663215edaac013e7e01731f433d990ebb063dc7
                • Instruction Fuzzy Hash: 0841E572204302AAC711DF14CD42F6FB7A5AF89710F15482DFD858B291EB39DD06E7A6
                Function 010581DB Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b24145b349f1a7a6056af63000643e5e835da4262997a225b06f6d7d62eb790
                • Instruction ID: 6fb9fd86ce08227c242b01031a301663f06c1702f76d3d1368a8e083bb3986ba
                • Opcode Fuzzy Hash: 7b24145b349f1a7a6056af63000643e5e835da4262997a225b06f6d7d62eb790
                • Instruction Fuzzy Hash: 4C412431A00505AFDB919E9AC844FBFBBA5EB44790F05C466EE85DB261EA34CD41C790
                Function 0108688C Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86d939a83078e8995cc2c4bfd84b6cff76311c1e5dab336c2b738a2ecdc46ccf
                • Instruction ID: 47cd85aab2cee8d7ee63b39919c6e957b0fff0232e44be8ec6554bfe09ba0c10
                • Opcode Fuzzy Hash: 86d939a83078e8995cc2c4bfd84b6cff76311c1e5dab336c2b738a2ecdc46ccf
                • Instruction Fuzzy Hash: 0741BC302082419FD708DF29C461ABABBE1EFC4321F15C99DF4DA8B292C735D889CB91
                Function 00FC0AED Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 538f2622fade6962ca451c55162dd2bcc1fa489ba4f24553beefb96f1389c80b
                • Instruction ID: 559d2b2bc15196333a78173983c8efc71df4e2e83f5c9c2944a1b9a0c8f6e807
                • Opcode Fuzzy Hash: 538f2622fade6962ca451c55162dd2bcc1fa489ba4f24553beefb96f1389c80b
                • Instruction Fuzzy Hash: 51515D7190025ADBDB14DBA8C941FEEB7B4FF48320F14426AE550EB291DB749D42DBA0
                Function 01063BCC Relevance: .1, Instructions: 128COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4111077d4bb2f8f4f589cc1495d077ad6571148e54b9a71d39482fc99090834
                • Instruction ID: d392b2238798d1230d9e267bc3ff3d7d39f0945d6f7862b223a13b8d3bc5aebf
                • Opcode Fuzzy Hash: f4111077d4bb2f8f4f589cc1495d077ad6571148e54b9a71d39482fc99090834
                • Instruction Fuzzy Hash: EB412230A082999FCB14CF2AC4866BAFBF1FF49310F058499F5C58F24AD335A456DBA0
                Function 01072665 Relevance: .1, Instructions: 126COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 499b6037cb2ee391360edcd61025ec1a102f5dc42bea4a23a926faceb7396f28
                • Instruction ID: 93ac40d588f2c91efd78c07b698c7ec219be41e6d341629aed4d0a18c5a70d74
                • Opcode Fuzzy Hash: 499b6037cb2ee391360edcd61025ec1a102f5dc42bea4a23a926faceb7396f28
                • Instruction Fuzzy Hash: AC41CE75E04205ABDB21DF68CA40BAABBF8FB08750F41806AF985DB391D734DD80C7A4
                Function 00FE4020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9b1ec7fbd929122bd01d631655a880f38c29a81dfd0e78739cc226fe943dec9
                • Instruction ID: 33f423f0935e2e8cbf8d3d240d18a91481597f6039c720b0047dfb5d431cd862
                • Opcode Fuzzy Hash: f9b1ec7fbd929122bd01d631655a880f38c29a81dfd0e78739cc226fe943dec9
                • Instruction Fuzzy Hash: 47417C71A00649EFCB25CF99C980AAAB7F5FF58700F20856DE256D7690D730FA44EB90
                Function 00FE2C39 Relevance: .1, Instructions: 120COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6f63a65b1ea47e50ff08432392c22c39fb994b30a453814dcf815df5f4267f61
                • Instruction ID: 31a30fb447b732c81621ee42cfc01b4d30a665861372d802b878185a831bc2a5
                • Opcode Fuzzy Hash: 6f63a65b1ea47e50ff08432392c22c39fb994b30a453814dcf815df5f4267f61
                • Instruction Fuzzy Hash: B741C732B042149BE70DCF6DDC916A9B7F7EFC8300F08C06AE909DB2A5EAB54D119754
                Function 010873F5 Relevance: .1, Instructions: 120COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 59b53c1d32e3e139eb19893fdafcce58db6aa0ed679a46dfd12563fd22e3a13e
                • Instruction ID: b7545641453d603fa8d14fdf20001237a38f918f80e47c767685c9051e17c33c
                • Opcode Fuzzy Hash: 59b53c1d32e3e139eb19893fdafcce58db6aa0ed679a46dfd12563fd22e3a13e
                • Instruction Fuzzy Hash: FD411571A04105AFDB14DF6DC845AABFFE5EF48310F58C1A8E898CB249DB35E901CBA0
                Function 00FAA210 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86979f607e2ea1d9c6bd3f3b8a797d7f9985faeb036834771a56796762493319
                • Instruction ID: 46289c4e380466ca3e55a836b0a18411a9b5fceba992820af167e40a521ec2e4
                • Opcode Fuzzy Hash: 86979f607e2ea1d9c6bd3f3b8a797d7f9985faeb036834771a56796762493319
                • Instruction Fuzzy Hash: 6131D0B2900604AFC721DF18C940B6AB7E9EF86760F148269FD554B291C732EC56DBD1
                Function 00FDA5D0 Relevance: .1, Instructions: 112COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d581dc2518ca2879a3ad57bd8d6121b2d42a6cbe7f2898dab40891803eb4c466
                • Instruction ID: 802f4671541ba7da6be1cca2c73580e685d8d88cec93b0ce92c6aeb076c5dd3c
                • Opcode Fuzzy Hash: d581dc2518ca2879a3ad57bd8d6121b2d42a6cbe7f2898dab40891803eb4c466
                • Instruction Fuzzy Hash: 7941AF71A06744CFE730CF28C415B2677E2BF44760F184A5EE4A28B795D738D880EB86
                Function 0108A9CC Relevance: .1, Instructions: 112COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc3f12086dfc8309f81c1328e8f289a1f0cbb1993f6d8faf9de574bbca454022
                • Instruction ID: 0bd02984eeb8d82cf61e944a7f75583af4f880ee9d7b963821778d3a4e676f3a
                • Opcode Fuzzy Hash: fc3f12086dfc8309f81c1328e8f289a1f0cbb1993f6d8faf9de574bbca454022
                • Instruction Fuzzy Hash: 3241B672A00109EFCB15DF58C980AAEFBB5FF44350F1440A9EA85AB741E330EE41DB90
                Function 00FA64E0 Relevance: .1, Instructions: 110COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 06e9d08e884fb21ce958ed6fe88900bfd6b5ccd86c9bc59d462613e254505453
                • Instruction ID: 100cc2690295999e576605ccd3ee4a1f7f9897de247b11f592ba7f030484148e
                • Opcode Fuzzy Hash: 06e9d08e884fb21ce958ed6fe88900bfd6b5ccd86c9bc59d462613e254505453
                • Instruction Fuzzy Hash: F5312832A00611EFC722AF1CCD42F2EBBA1EF41760F594969F9858B1A5D734D900E790
                Function 0103697F Relevance: .1, Instructions: 107COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a463cba5b339171157186c75354e0aabbc8186961756d1a775817a5b26c0f09
                • Instruction ID: 5c3420aa1093db4dda6665b13c9d70e82fdc02d9ba32ed77c8e630bbad3325e2
                • Opcode Fuzzy Hash: 4a463cba5b339171157186c75354e0aabbc8186961756d1a775817a5b26c0f09
                • Instruction Fuzzy Hash: E741AEB1D00608AFDB14DFAAD941BEEBBF8EF88310F14806AE555E7251EB759A01CF50
                Function 00FBE3B6 Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7fac144cd7682ee86d9bf73542d94d9d8d4535c1f4bff7dc3e192187dd353155
                • Instruction ID: f9fe0f5b21fd8a276b97400d9d23d5f49f8ec2e67b08748135e70635e7b401c2
                • Opcode Fuzzy Hash: 7fac144cd7682ee86d9bf73542d94d9d8d4535c1f4bff7dc3e192187dd353155
                • Instruction Fuzzy Hash: 4531CD35601A12EBCB56AB66CE81BD9BBA5FF44300F144029E94187A61DBB4E821EFD0
                Function 00FB849A Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96a829e51bab0e71796ac3b9a1efe321297f8e8ab7799eeb0b03ae0c18083cc7
                • Instruction ID: c83a4f37406d761fa2bb31a38f3efabf92ae2f43b0b70dca74d62f044e44f8b4
                • Opcode Fuzzy Hash: 96a829e51bab0e71796ac3b9a1efe321297f8e8ab7799eeb0b03ae0c18083cc7
                • Instruction Fuzzy Hash: 1B41F332A047858BDB21DF65C8017EFBAE5AF85364F14482DD097A7241CF389806EF98
                Function 00FC421F Relevance: .1, Instructions: 103COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e7ff76579ac201f87d3bfb9b1fd46ae3f4c07574066fe3ea9e1fd7565bb636f
                • Instruction ID: 03fde27c7478a62ebd26a464fd33825c0ed0f989f5e30cdffb5addf6f6f8dba1
                • Opcode Fuzzy Hash: 1e7ff76579ac201f87d3bfb9b1fd46ae3f4c07574066fe3ea9e1fd7565bb636f
                • Instruction Fuzzy Hash: 2B314832A00241ABDB21DF68CD46FDEBFA9EF44350F084169F855D7392C678A844EB60
                Function 00FAC75D Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10eefdd7ca2fb620e376a3f047a7f3da7f0ee1ec5b766f835fab84b15c18a2d6
                • Instruction ID: 6849f54dc30f88b4ed85a2afb2c6955d94a509083e9ed45a537d56e06358a865
                • Opcode Fuzzy Hash: 10eefdd7ca2fb620e376a3f047a7f3da7f0ee1ec5b766f835fab84b15c18a2d6
                • Instruction Fuzzy Hash: 863173B2E0022D9FDB219F18CC41BAAB7B9BF46710F0001E9F548A7241DB749D44DF91
                Function 00FAE18F Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87ca3076e50955b52f9f59f1607e3f0b940d5c13a16b2fce766abd88787f16f2
                • Instruction ID: 93866183db48e92e4a1b6979ecbd8eed3261f71451aafe2f3640f97d175f57f4
                • Opcode Fuzzy Hash: 87ca3076e50955b52f9f59f1607e3f0b940d5c13a16b2fce766abd88787f16f2
                • Instruction Fuzzy Hash: 893128B2900109EFCF169F89C990AAEBBB9FF0A314F50406DFA4597220C735DD91EB50
                Function 00FEE016 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e2df73c8a2e063c17e995df1f85b3cb2c64b70fc26b1391eaf0af304dd42780
                • Instruction ID: 708abab693cfd855ad4117387c290d513afbf537f656868cb6972eecf3052091
                • Opcode Fuzzy Hash: 4e2df73c8a2e063c17e995df1f85b3cb2c64b70fc26b1391eaf0af304dd42780
                • Instruction Fuzzy Hash: 9E317E72B00B459FD764CF2ADE41B57B7F8BF08B50F14442DA69AC3750E670E8009B54
                Function 00FDE2C0 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 476dbd670f67e86446959aaf3b0a531d8f902a541af7b1863e13bd3223e0583e
                • Instruction ID: 6afbaa95713b40df1c952f67ce6e246f8de6b24876883e9156bb2a264d7ebb23
                • Opcode Fuzzy Hash: 476dbd670f67e86446959aaf3b0a531d8f902a541af7b1863e13bd3223e0583e
                • Instruction Fuzzy Hash: 63318D72A09701DFD364DF19C900B6AFBE5FB88714F19896EE99887740E378E840DB91
                Function 01018595 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d6d3504f0e42d1ad60a8f8a2449a0b516f613007ac760786a1f26a620bbb185
                • Instruction ID: 0b64c50e43857ea0340448d6c86c31a0ed36d3788b2c3c06d1173cf072f45ea7
                • Opcode Fuzzy Hash: 4d6d3504f0e42d1ad60a8f8a2449a0b516f613007ac760786a1f26a620bbb185
                • Instruction Fuzzy Hash: 4231B531A011299BDB30DF19CC48EAEB7B8EF48704F0544E6E949E7215D6389F41CF90
                Function 00FBE750 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aad21a935e98608e17f5af9540b79e1a03ee377e8fdefc452dcb79a17543074b
                • Instruction ID: 038ca7e3c7621ff1ce18ea1bc58f4e7ec0a3fa3337222663cf08b44188b7ab8d
                • Opcode Fuzzy Hash: aad21a935e98608e17f5af9540b79e1a03ee377e8fdefc452dcb79a17543074b
                • Instruction Fuzzy Hash: DB31AB35715A06BFDB56AB64CE80BE9BBA6FF44340F505059EC8187A61CB34E830EF90
                Function 00FA891C Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4793532c62dba1a46fdb0feb1ba7e9436addf392c3717e24738e653bc1363cbc
                • Instruction ID: ace081fd3c28d8cf5c52ac28a36476f3218a12f85cb266db8ba0f8fba2466b56
                • Opcode Fuzzy Hash: 4793532c62dba1a46fdb0feb1ba7e9436addf392c3717e24738e653bc1363cbc
                • Instruction Fuzzy Hash: 94314872600A11AFC711DF59CC81F6ABBA9EF49744F144069F149CB252DA79ED02EBD0
                Function 00FE634A Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6bcef2bc4ec0cb55d84d388cddca1cb5df5b7bc86be714bd490410856b631b8b
                • Instruction ID: 6d3c5894d4debcc21a0e140ccd12229dbdd9ea9d589a2316089085c9441f222c
                • Opcode Fuzzy Hash: 6bcef2bc4ec0cb55d84d388cddca1cb5df5b7bc86be714bd490410856b631b8b
                • Instruction Fuzzy Hash: 0331ABB26083598FC701DF18D840A5ABBE9EF88350F0105A9FC91D7362DB34DC04DBA2
                Function 00FA83C0 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f292e6faee270c67e70b90e91c12c74940045014f24d0cc51c6566f06711a1d0
                • Instruction ID: 9f175a849b2dbc3f43451b0a2f1d846735499b4ee6779174f61a4686f6b29a57
                • Opcode Fuzzy Hash: f292e6faee270c67e70b90e91c12c74940045014f24d0cc51c6566f06711a1d0
                • Instruction Fuzzy Hash: 102106B2A00712AFC321DF58C801B1ABBF4FB89B90F124428A9959B251DBB4ED05E790
                Function 00FE878A Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 367c91763a5176ffb8c3adccb04b73768550caf945ecf88f8e81859a140d49c0
                • Instruction ID: 021155d0a0ff7a945861993b629d1e40a8297f73813fef50c7c77bf006de77ba
                • Opcode Fuzzy Hash: 367c91763a5176ffb8c3adccb04b73768550caf945ecf88f8e81859a140d49c0
                • Instruction Fuzzy Hash: 54218871A00644EBCB11EF55C980A9EB7B6FF48350F508469FD199F281DA74DB05AB90
                Function 00FE86B0 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e16a3767a84f5a4a4f664e759b6b3996fc02ec3c4261ed8a85cbe7c93f425e2
                • Instruction ID: 899c0c991107c07c38b3e1378de25d4ddc5b187a8e5d86ce712dab7184ccefff
                • Opcode Fuzzy Hash: 6e16a3767a84f5a4a4f664e759b6b3996fc02ec3c4261ed8a85cbe7c93f425e2
                • Instruction Fuzzy Hash: EC21C1726047559BCB21DF19D881F6BBBE4FF88750F14491AF9889B281CB70E901DBA2
                Function 00FBA758 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3b5ad5658a57a520d607db499ea33e3835a21fdfb38e28f1f0916403a9f444d
                • Instruction ID: c20b1a0c9c4f20ae332a51c27332072f884d27f2845a5137c0bd584116a481ef
                • Opcode Fuzzy Hash: a3b5ad5658a57a520d607db499ea33e3835a21fdfb38e28f1f0916403a9f444d
                • Instruction Fuzzy Hash: C621A176604114BFC711CF5ACD80FABBBB9EF85750F210455E50297211E634AE00EBA0
                Function 00FB486D Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29e0d884b37790dd025dc6a3217944869b4cc72c8711b41ec6696834815bfbe9
                • Instruction ID: efbde5b19b0caa1a4dd9b4af0087619c92c52dcc064921104a5c0c4cba7d47b1
                • Opcode Fuzzy Hash: 29e0d884b37790dd025dc6a3217944869b4cc72c8711b41ec6696834815bfbe9
                • Instruction Fuzzy Hash: 88212736E00296AAD7209FE98841BEFBBB8BF04740F014075AA65EB241E378DD00D7E0
                Function 0105E540 Relevance: .1, Instructions: 85COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b589e660dae327c8082204416e52b158a10da157beacd28536026a9a9f70b62
                • Instruction ID: 060e46fb7b2d937a1adbb6233e95b2c4ca80cd1dc3e504f68ff917fa1a1a60e7
                • Opcode Fuzzy Hash: 4b589e660dae327c8082204416e52b158a10da157beacd28536026a9a9f70b62
                • Instruction Fuzzy Hash: CB312C75E002168BCB55DF99C884AEEFBF5FF4C290F15802AD982B3250D7359A41CB64
                Function 01060224 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85c697f4f187765762fd5f58d8d9d347ee4e7f8e61565c1f8d451ec3b5bf1eb3
                • Instruction ID: cab5aca1fc93266c05fba7e37c26f51834370c620d7a03d54ab9575cd26fbf0c
                • Opcode Fuzzy Hash: 85c697f4f187765762fd5f58d8d9d347ee4e7f8e61565c1f8d451ec3b5bf1eb3
                • Instruction Fuzzy Hash: C231CE71600B828FD364DF6AC540766BBE9EF89324F148A6DE4EA87295CB35D806CB41
                Function 00FBA4B0 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f89302d6be925b5f42c9069b7f2dea21def1956aa0c4dd2f42507bed15fa036b
                • Instruction ID: 0d8f40fadd2b5e4e664ff132ea0e340b4ed6174610dc455f88b8fa79bddc462f
                • Opcode Fuzzy Hash: f89302d6be925b5f42c9069b7f2dea21def1956aa0c4dd2f42507bed15fa036b
                • Instruction Fuzzy Hash: 80318972A00714CFDB21CF6AC840BAEB7F1AF84724F144159E855AB391C378EA01EF91
                Function 01070B05 Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cf4a39edc4d947adbcd49fc74f71860332da39907288df85a5059abf969cc4a
                • Instruction ID: e4ffd71ab4f80131fc80d49032f00ca5768701fc8c460b21281f0119537eaff6
                • Opcode Fuzzy Hash: 3cf4a39edc4d947adbcd49fc74f71860332da39907288df85a5059abf969cc4a
                • Instruction Fuzzy Hash: 73212872E00615ABCB12DF98C980F6FBBB9EF45754F100169FA00AB255D671DE01D7A4
                Function 01036BF4 Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52ff04614d4e78e08b6b43e5d32d1a8a38f7b6bdeb800edfd5e8079496de5d1c
                • Instruction ID: 1a943053c8479ad974843840cdbbb6c9ed329d6cf9d8e226662d74761c96b803
                • Opcode Fuzzy Hash: 52ff04614d4e78e08b6b43e5d32d1a8a38f7b6bdeb800edfd5e8079496de5d1c
                • Instruction Fuzzy Hash: B821AB71A10608BBDB11DB58D945F6ABBE8FF88700F0400A9F944DB691E639EE00DBA4
                Function 01074570 Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 528fdc85a4c706553d992092fc98e2fc0bb3e117a7a5a7db9e944e04f27c52c7
                • Instruction ID: 4f6e26ff19e96d3d0c7b230de4d0f0641ba2b021cbf06784b8995d078ef8907d
                • Opcode Fuzzy Hash: 528fdc85a4c706553d992092fc98e2fc0bb3e117a7a5a7db9e944e04f27c52c7
                • Instruction Fuzzy Hash: 0C21D031A0020AAFDB22DE68CD81BABBBE9EF44718F104468E644C7222E775D910DB94
                Function 01070980 Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4baf1cdb297b4e43bd0ec4cf3b5d76fe1a9554de4c1c0158ec7e9aa04adf189
                • Instruction ID: 03f67a0c5446dc8ed26be6a94244508ac4a36c06f7524fbda829977a5e7bc38f
                • Opcode Fuzzy Hash: a4baf1cdb297b4e43bd0ec4cf3b5d76fe1a9554de4c1c0158ec7e9aa04adf189
                • Instruction Fuzzy Hash: E721ED36A00609BFCB21AE45C801F9BBFBAEB80760F10052DF6448B251DA71EE05EB90
                Function 00FAA617 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 9e4a422c9f12e894f5a2c1cdfd7eeac5c25518a49be2f6c01d2b1b98c5b93d5f
                • Instruction ID: 893dc81b71f2c172013fc9183af3ef3223600841b037bca7b39533c57c9590f4
                • Opcode Fuzzy Hash: 9e4a422c9f12e894f5a2c1cdfd7eeac5c25518a49be2f6c01d2b1b98c5b93d5f
                • Instruction Fuzzy Hash: A6215772500A01DFC726EF58CD42F5ABBF5FF08714F14456CE2869A6B2CB39A845EB44
                Function 01074460 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d870025f34dc513c55024982cc81c3e554eb7b00cdaf98cad914c773778add26
                • Instruction ID: e0c8d5d748b3ea8665800bf783ba2c7a2876affd793e3698bf30b62be04a2e83
                • Opcode Fuzzy Hash: d870025f34dc513c55024982cc81c3e554eb7b00cdaf98cad914c773778add26
                • Instruction Fuzzy Hash: 0E11E137900664ABC7229F19CC41F7B7BA9EF41B60F160455FA84CB262DB24EC00E7A8
                Function 00FD4AB0 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9af3727edaf4739166bce24cdeda003735f5b7bb0eabf5648841e4e3aebc97e6
                • Instruction ID: ad6e7a3e185fa72413a6e525f9b23e44a18cf4d766839854cd8f97e724a79495
                • Opcode Fuzzy Hash: 9af3727edaf4739166bce24cdeda003735f5b7bb0eabf5648841e4e3aebc97e6
                • Instruction Fuzzy Hash: B421D432205591CBD7269B5CC990B6677EAFF45710F1C00A6FD418B7D2E73AEC10E651
                Function 00FA6466 Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c41b1822f46801f9733b9d21d7fb31d43a938490236f66eabcf427c10f5da12
                • Instruction ID: 0b46d10aa16c5a10bc4e36a3f3ffdf034b381bcd0cccd7e05e8e6d721d6db66c
                • Opcode Fuzzy Hash: 3c41b1822f46801f9733b9d21d7fb31d43a938490236f66eabcf427c10f5da12
                • Instruction Fuzzy Hash: ED1136B2900211ABCB31EF68C941BBEBBE1EF09710F28046AFD86D7344DA38D841E650
                Function 010460C1 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e2128b564750e377eb3d92a253dbf203168bac005fc199b61879b722e2b3682
                • Instruction ID: aa633fdcc754484d1ff6883001e3264bd621608b443fbed7b5c99aeeb10bbe08
                • Opcode Fuzzy Hash: 5e2128b564750e377eb3d92a253dbf203168bac005fc199b61879b722e2b3682
                • Instruction Fuzzy Hash: 5911BBF1600A116BD7614E6C9D84761BBB5BF02366F0D0375A9A0935F2DB76EC90C7D0
                Function 00FDE200 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 78f2b2f51251203b3b18d8e56eefe002cd20e3420114a9585a5a259cc76f01b5
                • Instruction ID: 1fdf5c4e19ea685b7d056fc044c35c2ecab604840e523fb9c10de8b73fd151cc
                • Opcode Fuzzy Hash: 78f2b2f51251203b3b18d8e56eefe002cd20e3420114a9585a5a259cc76f01b5
                • Instruction Fuzzy Hash: 12216272B046008FD725EF09C580A6A73EAEB98325F1C85AED95A8B744C734FC41DB50
                Function 010865A9 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ddf0c276dbb85fad67d2a51863947fde8feba482209fd849dc29624eec4fcb1a
                • Instruction ID: 0292a3bbe9319faab14275500a165144d46fa3a9142d015f48af8061aa439e02
                • Opcode Fuzzy Hash: ddf0c276dbb85fad67d2a51863947fde8feba482209fd849dc29624eec4fcb1a
                • Instruction Fuzzy Hash: 6C21AF33A108129B9B58CB3CC8054AAF7E6EF8C35436A427AD952DB2A8D675B911C7C4
                Function 00FE0A02 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e0369fc0ced8525ee6958f6cae0dd62fa4dffb471c0890ac1a5d50867eba472
                • Instruction ID: 0166add53eb82ad72dbe12f488ea3274b3bb4d6831ca0a1e5377845680a8c825
                • Opcode Fuzzy Hash: 6e0369fc0ced8525ee6958f6cae0dd62fa4dffb471c0890ac1a5d50867eba472
                • Instruction Fuzzy Hash: 7411B171B0038A9BD711EBBACC81AAF77F8AF84710F000439E645D3281DEB8D9419761
                Function 010101B0 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c5287e53fd8d6e4cb508b73817cee8475c45d55593099486e2fd8e9b76bddf6
                • Instruction ID: 9bad7da1614540c14898a9827a168295b9b6f8dbe0525a204d780f0055f06ccf
                • Opcode Fuzzy Hash: 6c5287e53fd8d6e4cb508b73817cee8475c45d55593099486e2fd8e9b76bddf6
                • Instruction Fuzzy Hash: 5F11C1326415125BD3B29A69CA55ABF7BE4EB84690B094518FDC69B20CC63DED80D3A0
                Function 0105E0CF Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8021cdfc5a7a5f6a2f7ea1b9cf34e8e3f332b2a90e94772ed8af32aa4f135995
                • Instruction ID: 33cd5f966265f81842a363178842f7b59fc18c96c850eed5706c574ba86a5060
                • Opcode Fuzzy Hash: 8021cdfc5a7a5f6a2f7ea1b9cf34e8e3f332b2a90e94772ed8af32aa4f135995
                • Instruction Fuzzy Hash: B7213971E00219DFDB54CF88C890BEEF7B0FB49721F1082A9D991AB291C7745941CF54
                Function 01018887 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8bbd17054b128e51ea609bae1c09b5b0105469ae311a0da88af53f391b3e36c5
                • Instruction ID: 2189fd15ee1a6b5a45750ff3e361180e63a7c0e10f15aa9ab2463075a43a4ea5
                • Opcode Fuzzy Hash: 8bbd17054b128e51ea609bae1c09b5b0105469ae311a0da88af53f391b3e36c5
                • Instruction Fuzzy Hash: FA11D372E00215ABD721DFAC8940BAFFAFEAF54700F08406BE984E7355D678DA0087A1
                Function 00FDA2F0 Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 547c7b90fdcfe210ab802d102f1d55fe5fa7adbf59339f00133e4b041b485c12
                • Instruction ID: f5b42ce03ba34279ed9ed185b605e597b272ef6fafd5768595ea58510c02a074
                • Opcode Fuzzy Hash: 547c7b90fdcfe210ab802d102f1d55fe5fa7adbf59339f00133e4b041b485c12
                • Instruction Fuzzy Hash: D6218C72600640EFC7209F68C841BAAB3EAFF44350F54882EE49AC7351DA71AC40EB65
                Function 00FE42B0 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 872aa79c73456547c0c4a8d54fe825c504d332c6952515d451d031611ffbd848
                • Instruction ID: a60d5427c9c6c8805f266e8551fa357e2ce66cffb2e5273bcfb151669a250e7a
                • Opcode Fuzzy Hash: 872aa79c73456547c0c4a8d54fe825c504d332c6952515d451d031611ffbd848
                • Instruction Fuzzy Hash: 1E1166337001119BCB19DA69CD86B2F76ABEBD6370B24413DF6A2CB291DD30EC02D690
                Function 00FDA8DB Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 07dabccf643dda10051b66c336a3ce07444e7c436f2a3fd3dbc2aa7e9fee3a88
                • Instruction ID: 9f35b515008cd5677225433e8084d35f97e2387079cacf78bf9d7befd2f02f82
                • Opcode Fuzzy Hash: 07dabccf643dda10051b66c336a3ce07444e7c436f2a3fd3dbc2aa7e9fee3a88
                • Instruction Fuzzy Hash: E9119031A00305EFDB268B64C800F6AB7FAEB85314F29819AE4425B341E675ED42EB95
                Function 00FEA0C7 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 806cbdc3a7988f4fc9cc7da93e50d13e73eda2ea303bc18a56ae790783f233d7
                • Instruction ID: 12af99c32c45a63d697b1ceea27d29cbd321cac4be0e315f35aea25ac961bc27
                • Opcode Fuzzy Hash: 806cbdc3a7988f4fc9cc7da93e50d13e73eda2ea303bc18a56ae790783f233d7
                • Instruction Fuzzy Hash: 9A112B33641685BFDB225F46CE42F677B6AEB84B90F150438FA045B2A0CA79DC01FB90
                Function 0104493E Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c95e2d962bcee70618ac38a4a0bd5c1aa12d9a3ea7564a87a5309ae0a757086
                • Instruction ID: 34d983dba38bfd9a5b555dff3da0abadeb19f097e6c18ad99d4b60106e1ef233
                • Opcode Fuzzy Hash: 9c95e2d962bcee70618ac38a4a0bd5c1aa12d9a3ea7564a87a5309ae0a757086
                • Instruction Fuzzy Hash: 0711CEBA200604AFE720DE08D981B5ABBE5FB41750F068579EA88DB221D731EC40EB90
                Function 01034461 Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b60a4a69b3c0c3cfa2b1e8d7eba25d36074b254e3996f81ca17b3b50abdb3b8
                • Instruction ID: 88fc30606705fbb201fa4776402dd9c572a1e449fcf0d601bb2b958308e9db45
                • Opcode Fuzzy Hash: 6b60a4a69b3c0c3cfa2b1e8d7eba25d36074b254e3996f81ca17b3b50abdb3b8
                • Instruction Fuzzy Hash: C911E572504208BBCB059F5CD9819BEBBB9EF95304F10806DF984CB351DA358D55E7A4
                Function 010743A9 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 579c3120efa7171da04e5a507c7953e75d686a57f9618cb700c2a726ab512a9d
                • Instruction ID: 4e3071aac439610b3fdd9a7b7a315de1b1ce2f453d0f254ddfdef2b141e46e30
                • Opcode Fuzzy Hash: 579c3120efa7171da04e5a507c7953e75d686a57f9618cb700c2a726ab512a9d
                • Instruction Fuzzy Hash: 19016176A0010AAB9B14DAA5CC45DAF7BBDFFC1744B004058BB41D3200EBB4EE06E764
                Function 00FE8560 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 437fb588bad2a9a541208aec09e80ffaf04cc5349fc4f203a989c52a07b0e908
                • Instruction ID: a97e9d8a24608277ad85eac665fe46d86fa73d1d4dfab8a9a461fa21668217ad
                • Opcode Fuzzy Hash: 437fb588bad2a9a541208aec09e80ffaf04cc5349fc4f203a989c52a07b0e908
                • Instruction Fuzzy Hash: 65117975A0428ADFD700DF19C480B86BBE4FB09360F09866AE848CB301DB35EC81DFA1
                Function 010448B4 Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4f64cc30bd25a0ee22002a8e4bc6a6180cb4065bf6ab1a5e481e988d7517beae
                • Instruction ID: d1bfd47e15d9fe33dd87235634e437097cfdc3cb5ccb3f09b1f16025a03dedc0
                • Opcode Fuzzy Hash: 4f64cc30bd25a0ee22002a8e4bc6a6180cb4065bf6ab1a5e481e988d7517beae
                • Instruction Fuzzy Hash: FC0104B6600105BFE7219E48CC82B5A7BE5EB45351F0584B4F984DB261D775CD00E790
                Function 00FA8330 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee0dd90ca415901d7b24dd20c982bc4bdd2c37a88f469d85744644db953203f0
                • Instruction ID: 7f92aa4eca135ed310548bef1a42c0561b403fac1ffe8422af05d5474d56fcf3
                • Opcode Fuzzy Hash: ee0dd90ca415901d7b24dd20c982bc4bdd2c37a88f469d85744644db953203f0
                • Instruction Fuzzy Hash: C20192B2541310ABD7219A11CC41E6AB769EF82BE0F154129F5568B151CEB2EC03A7A0
                Function 0103C010 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad425b1a4efc52b9f85bfbf3442f6332bef6f532f5db484f092d91b12a07c452
                • Instruction ID: 9fff3f6aedfe704545ad5db3d2001cb67f47c4c3ebd3d1eabf53714786fab83a
                • Opcode Fuzzy Hash: ad425b1a4efc52b9f85bfbf3442f6332bef6f532f5db484f092d91b12a07c452
                • Instruction Fuzzy Hash: 2611177290011DABCF11DB94CD85EEFBBBCEF48354F044166E906E7211EA35AA05DBE0
                Function 0104C970 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b27424a9711d03e10a1eaa37b6c56929fc6ea765798c8e598460b740042ce1ed
                • Instruction ID: 539e0bec7949ca6d74d37cffb148586b09da6e4a4fe80ab564b2e9529fa981c3
                • Opcode Fuzzy Hash: b27424a9711d03e10a1eaa37b6c56929fc6ea765798c8e598460b740042ce1ed
                • Instruction Fuzzy Hash: EA11E576245145AFD701CF58D940BA6B7E9FB56304F088169E8C9CB352D732EC40CBA0
                Function 010429AA Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ef23f3292d9357830a3eefef84355658e8bb74e96e320f2b66c61ae276160d9
                • Instruction ID: 1e53c6dec278a7fcb336e93a63a12fac6d1081e953cb16b5e377ccf94df72ce2
                • Opcode Fuzzy Hash: 0ef23f3292d9357830a3eefef84355658e8bb74e96e320f2b66c61ae276160d9
                • Instruction Fuzzy Hash: C0113CB1A002099FCB10DFA9D9819AEBBF8FF48310F14406AF914E7341D778EA01CBA4
                Function 00FBA310 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a0e1fb3817998e15add1bbb205bcfd54708c5e851741bbef62e9ab496a57e86
                • Instruction ID: 883a9fc6c889459d52ffd46bc9630528211f65c5be296540d97cb9967b769811
                • Opcode Fuzzy Hash: 1a0e1fb3817998e15add1bbb205bcfd54708c5e851741bbef62e9ab496a57e86
                • Instruction Fuzzy Hash: 71110636900951DFCB21EF48CD41F9ABBB9FB08704F5901ACE681A7621C739AC00EB94
                Function 00FF258A Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a965d93ad5f62602aab192311bf471bb21a793a56110d0052090cf583bea0b6
                • Instruction ID: c0bcc6c6eccfd1a376af3173d42fd143004bdd20bd79ca8b16cea73f286a21db
                • Opcode Fuzzy Hash: 5a965d93ad5f62602aab192311bf471bb21a793a56110d0052090cf583bea0b6
                • Instruction Fuzzy Hash: C7018472240546BBD355BB69CE82F57BBACFF84790B040129B21583562CB28EC01E6A4
                Function 0107685C Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0f796e9ce3b593a38deac9399709d44981721c14c816ea94557df5e56f4e3a0
                • Instruction ID: ffb9124fa5bcbce1aeed18974bdf603538e75dd01b09a4c953220080f3d3ad66
                • Opcode Fuzzy Hash: b0f796e9ce3b593a38deac9399709d44981721c14c816ea94557df5e56f4e3a0
                • Instruction Fuzzy Hash: 89118471E01209AFDB00DFA9D846EAEBBF8EF44740F004066B915EB391D678DA05CBA0
                Function 010170A2 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c70bdeee53d9ed661111c813b28a7e0cd07971b67dc9f14d439abf7b34ed382
                • Instruction ID: 8e1b07f43cfe7e2a4e8f3698f8e220b769d642f834f049fcf7de28b30cb10d72
                • Opcode Fuzzy Hash: 6c70bdeee53d9ed661111c813b28a7e0cd07971b67dc9f14d439abf7b34ed382
                • Instruction Fuzzy Hash: 4801CD333245115B8B5DCE3AD86183FB3D7ABCC664319C87EE897CBA44DA60F8518790
                Function 010425F0 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e4c166c3decd0c4add132593fb254883f60e1719fb8af577185b536e65141140
                • Instruction ID: db60bf069b3eaa9d3eda05bd3f309543d93fd1fffa56706e7e814f8a7dd0f9de
                • Opcode Fuzzy Hash: e4c166c3decd0c4add132593fb254883f60e1719fb8af577185b536e65141140
                • Instruction Fuzzy Hash: C3116D71A01208EBDF15DFA8D895EEE7BB6EF88740F0040A9BD41A7390DA35E911CB90
                Function 0108C6C0 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e94a18b18d9ae175ddfa7513f4b7ca25ce8ddcd0f40fbd3d17b055bf64e3266
                • Instruction ID: e6906ad442a15f005fa34de8d562007bac1d8e8918b6a1af4bc3d88c5842d0c9
                • Opcode Fuzzy Hash: 5e94a18b18d9ae175ddfa7513f4b7ca25ce8ddcd0f40fbd3d17b055bf64e3266
                • Instruction Fuzzy Hash: AC01F136204A019FE721BA69CA05FD6B7F6FBC5200F48445DE6C28B650DA70F842C7A0
                Function 01042B28 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73e7249eab3867eca25ee9c52772b573783c10d5fcff2c4b6ca2b2a279826493
                • Instruction ID: 15a00e1847c5e6c4320931935b83dcefd0fdfa1bd690cc204cf6ad420be98fb3
                • Opcode Fuzzy Hash: 73e7249eab3867eca25ee9c52772b573783c10d5fcff2c4b6ca2b2a279826493
                • Instruction Fuzzy Hash: 97115EB16193049FC700DF69D88195BBBF4EF88750F00896EFA98D7351E634E900CB92
                Function 01042BC3 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85f7d3d8b3b8ac4962fc1de4d2726e768a084a3384e78ea0915281e3ed73531f
                • Instruction ID: 9e979c30162a00d9ddbf2255016a6d877284ef6eb17bb651d07c94e74a7997f4
                • Opcode Fuzzy Hash: 85f7d3d8b3b8ac4962fc1de4d2726e768a084a3384e78ea0915281e3ed73531f
                • Instruction Fuzzy Hash: BC118EB16183089FC700DF69D881A5BBBF4EF88710F00896EFA98D7351E634E900CB96
                Function 0107614F Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdb7484cd8fc5c0c3192f0ac4d908d67ee84fc9ad33e680fbadd88d953635e24
                • Instruction ID: d1c5f39ca7aa85eea4debfdc7c0ec21933adc732f96cf718151d10df4232dcac
                • Opcode Fuzzy Hash: cdb7484cd8fc5c0c3192f0ac4d908d67ee84fc9ad33e680fbadd88d953635e24
                • Instruction Fuzzy Hash: 2701B570E00208AFDB00DFA8DC46FAEBBB8EF44700F044066B905EB381DA74DA01CB94
                Function 010762CC Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 38194c1260857fe3e733c7c5af0218fd3842c21bcf6c0e7963e0ec265dda42e8
                • Instruction ID: 92dec342aa2e907355ea42baf96421012bd0126d1763f87476b17a21363140fd
                • Opcode Fuzzy Hash: 38194c1260857fe3e733c7c5af0218fd3842c21bcf6c0e7963e0ec265dda42e8
                • Instruction Fuzzy Hash: 4D01B570A00208AFDB00DF68D842FAEBBB8EF44700F404066BA40EB281D674DA05CB94
                Function 01076746 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 27241ded0b5d9e0f698b597087582f380fe23093d1d3a30d7fd59e83a41176e4
                • Instruction ID: 1400b99c26127e4c0ec94079d698915001987088c7aadb9c0483c77b3151010e
                • Opcode Fuzzy Hash: 27241ded0b5d9e0f698b597087582f380fe23093d1d3a30d7fd59e83a41176e4
                • Instruction Fuzzy Hash: 7601B571A11208ABDB00DFA9DC46EAEBBB8EF44750F004066B941EB381D678DA01CB90
                Function 010767D1 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6fe88d053a7c9028a61dc58ac523a8fd8e9dd88793f68b955d8ccbadcab26ae
                • Instruction ID: cd0a927710b0d77e1e956f600596c8c6f56b517c2ed4fad9e9e0c691c68e5fdf
                • Opcode Fuzzy Hash: a6fe88d053a7c9028a61dc58ac523a8fd8e9dd88793f68b955d8ccbadcab26ae
                • Instruction Fuzzy Hash: E5017571E01208AFDB14DFA9D846EAEBBB8EF44710F404066F951EB381D678DA05CB94
                Function 01076630 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 024b2584ea2854de21fcda8c82fec035c0450b6507b6871591272cdb152c51a2
                • Instruction ID: 03130a426179563bcc07fe7115e97a1bca6496cf18acca5617eed0022f260cd2
                • Opcode Fuzzy Hash: 024b2584ea2854de21fcda8c82fec035c0450b6507b6871591272cdb152c51a2
                • Instruction Fuzzy Hash: F4017971A01309AFDB14DFA9D846EAEBBB8EF44710F404056F941EB381D679DA05CB94
                Function 010766BB Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b667da3e1199852c7a8a3953e687a8383de4e1637d7aff931084292867ba5cf
                • Instruction ID: d3c51fd5a02aebfc7f309babafc1f3eb611d3c94e49f6c8e5c08841186d80942
                • Opcode Fuzzy Hash: 8b667da3e1199852c7a8a3953e687a8383de4e1637d7aff931084292867ba5cf
                • Instruction Fuzzy Hash: AF01B571A01248ABDB04DFA8DC46EAEBBB8EF44750F004066B941EB381E678DE01CB94
                Function 00FF03A0 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b07dd0153128c30a19335532a54de052dcd49a5d5c4fbe2bb01b9474169e4f4
                • Instruction ID: 7f24ece37b0bc552aef2fdc29091a2ce40ccbc434a346c5fd801d66fdf1d913f
                • Opcode Fuzzy Hash: 9b07dd0153128c30a19335532a54de052dcd49a5d5c4fbe2bb01b9474169e4f4
                • Instruction Fuzzy Hash: FFF0F07170020AABCB14DB19C881F6E77E9FB84324F248664FA20DB691DA38EC009B50
                Function 01076057 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 514df06cc4833fc67164bf833900f57f35df421e2f382863d5619574c58c9960
                • Instruction ID: 48176af66192031259440695f6cf2c4897e88fb7982844d78ed4be346e3049e0
                • Opcode Fuzzy Hash: 514df06cc4833fc67164bf833900f57f35df421e2f382863d5619574c58c9960
                • Instruction Fuzzy Hash: 6E018471A10218ABEB10EBA9DC46FAFBBB8EF84740F044066B545EB281D679DA05C794
                Function 01076536 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ec15dc5f5e605921fca515b16ee398e47943666c1fd1a1b1d47766a2836f8f7
                • Instruction ID: d63e5c1bdf789fec5c6fd1df2ac5f9a636f4b3ebb200abdc671a59d5c1342a89
                • Opcode Fuzzy Hash: 5ec15dc5f5e605921fca515b16ee398e47943666c1fd1a1b1d47766a2836f8f7
                • Instruction Fuzzy Hash: E8018471A00218EBEB10EBA9DC46FAEBBB8EF44700F444066F541EB281D678D901D794
                Function 01074B78 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 26519e4a5d79875d38c19f0e3db57e78d5bb73f3d62920b9ce16a43a4ecdaa65
                • Instruction ID: e0396d21188e3e19f1bebf23b3c88ec5cfe19f5aa24994dc0ff2704cf46bd78c
                • Opcode Fuzzy Hash: 26519e4a5d79875d38c19f0e3db57e78d5bb73f3d62920b9ce16a43a4ecdaa65
                • Instruction Fuzzy Hash: 53016771E11248ABDB14DFA9D846FBEBBB8EF44704F044066BA00EB291DA78D905DB94
                Function 0108CBDB Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 751b91f4f025d039700eade10006464abeae693ce0d69cf10915d34aa294b0ac
                • Instruction ID: 79941f0b481eb7132ca289bd00f9223c76afa9950c105ad6b3fc65fbd9604d48
                • Opcode Fuzzy Hash: 751b91f4f025d039700eade10006464abeae693ce0d69cf10915d34aa294b0ac
                • Instruction Fuzzy Hash: 9D0117B1A0020DABDB00DFA9E9419AEBBF8EF48300F10406AF941E7341D6789A018BA4
                Function 01074BFD Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca351b02bf13ad344f6295df59f8a0ceca47a4d52351221bf9c379df07668412
                • Instruction ID: 2d4f3b1d1fb80526c2d0760da715e7222d00c6091dfa3cce9240778e93624725
                • Opcode Fuzzy Hash: ca351b02bf13ad344f6295df59f8a0ceca47a4d52351221bf9c379df07668412
                • Instruction Fuzzy Hash: F601A770E0020CABDB14DBA9D846FAEBBF8EF44704F004066BA14EB291DA74EA01C794
                Function 00FB49FD Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 08a17d77fc9341ae268e89dbcc5759ccc6e4309fd1be1b75460bf7c945ea50e3
                • Instruction ID: e8f550d7574a6c1077783f1972ee36d3db29e1d0d09c532de8e70c11e2a3e925
                • Opcode Fuzzy Hash: 08a17d77fc9341ae268e89dbcc5759ccc6e4309fd1be1b75460bf7c945ea50e3
                • Instruction Fuzzy Hash: 62F0C8336855229BC7325E574D41B9BB59D8F91B60F160039B5059B201CA7CEC02BFD4
                Function 00FF040B Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2bf501c372a109085d1857121c0bb1e675a22d7b7021dc04d9fe9c65632546f
                • Instruction ID: d06e0686577fded3c34156638010d57aefd93cc6e6dc8a062da67fe320e84774
                • Opcode Fuzzy Hash: e2bf501c372a109085d1857121c0bb1e675a22d7b7021dc04d9fe9c65632546f
                • Instruction Fuzzy Hash: A401F9326006959BD322975DD904F69BBE9EF42750F5840A1FF409B6B3DAB9C800D610
                Function 010764B0 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fdc0ed723cf4ce7d40255cced9b9f969bf06366580f7b63af51da6fc2df1b64e
                • Instruction ID: 45c7add04946e7ebf3cfa927d50c5d41a120a74b8bc24f5e806c0d9e1483887b
                • Opcode Fuzzy Hash: fdc0ed723cf4ce7d40255cced9b9f969bf06366580f7b63af51da6fc2df1b64e
                • Instruction Fuzzy Hash: 0F0100B0E0060D9FDB54DFA9D545AAEBBF4AF48300F108069F955E7351EA74DA00DB54
                Function 00FA6283 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8d83a981bbff76bdce0ffa1628f272e6b121c32499c185ee61fe7e84bcfa142
                • Instruction ID: 93756ff6e8ff38bdec85958ad975f91bb26aae4cdac09146504c36fa2f486db7
                • Opcode Fuzzy Hash: e8d83a981bbff76bdce0ffa1628f272e6b121c32499c185ee61fe7e84bcfa142
                • Instruction Fuzzy Hash: F1F044B6B01114ABDB15DB58C941FEEBBFDEB85710F180069A901E7241DA71EE05E790
                Function 0103C380 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88ac553c3301f7035681f37d06d9f68bedc8d6fc6d3bc6cab5980757b43882fa
                • Instruction ID: 977a1ace5fa85fd9609b1115cc0303f851c659fe76d398d69ee799e399a2ab83
                • Opcode Fuzzy Hash: 88ac553c3301f7035681f37d06d9f68bedc8d6fc6d3bc6cab5980757b43882fa
                • Instruction Fuzzy Hash: 2AF0127210010DBFEF019F94DD81DAF7B7DEF59698B104125BA11A2120D775DD21E7A0
                Function 010765BB Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a441e158626f4714b9870d97051b5551ece5cea97a8ed8fa9de97c7dbc7d9b8
                • Instruction ID: 82258c90b1c01e152df06d83e39b351cac655d673a32402501bb106fc4044aef
                • Opcode Fuzzy Hash: 8a441e158626f4714b9870d97051b5551ece5cea97a8ed8fa9de97c7dbc7d9b8
                • Instruction Fuzzy Hash: 88F0C871E11708AFEB04DBB9C806EEEB7B8EF48710F4080AAF551FB291DA74D9058790
                Function 010405C0 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3450fb452d4f67e8cd68fbac1b3c447a1df46412f9f047a198acd2bc9ae36de0
                • Instruction ID: 48b6ac0961ea5ab4d79bfe3320a8411327e6b68268dc1e81dfa7e3955d902839
                • Opcode Fuzzy Hash: 3450fb452d4f67e8cd68fbac1b3c447a1df46412f9f047a198acd2bc9ae36de0
                • Instruction Fuzzy Hash: 9C01973610011AABCF129F84DC80EDA3FA6FB4C754F068111FE5966228C636E970EF80
                Function 00FB6529 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 376cb0367a9d9e6406faccfc6fcc830cf93caf11da32d366654c639fa2e2e57c
                • Instruction ID: 93528d21d5da9b80e2bd09640524c578d3c0efc66396a607c2f1eca02479ea14
                • Opcode Fuzzy Hash: 376cb0367a9d9e6406faccfc6fcc830cf93caf11da32d366654c639fa2e2e57c
                • Instruction Fuzzy Hash: 92F0C272E012546BE724EB668840BFBBBA8DF80720F088515ED41D7649E638ED50AAE0
                Function 01074B08 Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82bd2c8b3c68945f745b8000ca05d48a3df9e0819e460431b4026f8c6c3816bf
                • Instruction ID: c8b485ab24d1bba201356dc6a62d807e8af6d2f4c291ff324fcb883a3f589ce2
                • Opcode Fuzzy Hash: 82bd2c8b3c68945f745b8000ca05d48a3df9e0819e460431b4026f8c6c3816bf
                • Instruction Fuzzy Hash: D3F0CD71B10248ABEB04EBA8DD06E7EF3B8AF84700F4040A9B611EB291EA74E905D754
                Function 00FDA7D0 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b00e27eefa121cdaf98c855fbbc2a69ee8af4019735afb64d0b647d8306bbd42
                • Instruction ID: a21b07dfc12478bd330a20510747631041e2a335dfb8e8e86f48c0377be21f32
                • Opcode Fuzzy Hash: b00e27eefa121cdaf98c855fbbc2a69ee8af4019735afb64d0b647d8306bbd42
                • Instruction Fuzzy Hash: C2F0B477B1150597C6209BDCAD02F9A3368E784BB1F140039F542DB645C629D801F3A4
                Function 0105A895 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a557fefb4548c616b658e2003a5db16f23f02d629a7d3d4dee3ec7d435d8188
                • Instruction ID: a0b6c79c016e9172961eab04e8c2e5b19ac288c1ad0f48ac06ac483e0cf07a39
                • Opcode Fuzzy Hash: 4a557fefb4548c616b658e2003a5db16f23f02d629a7d3d4dee3ec7d435d8188
                • Instruction Fuzzy Hash: 33F0E031741913C7E7F56A1E581073FBAD99F80F11705026D9ED5D7240DE14D802D790
                Function 0106C490 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91117eff2435ce31f38cb9bb623434285707de1af5d62af2b9acdc7909a04527
                • Instruction ID: 3efe392b3123a4be3621d4478854e0f66aedd778ef2b2ad3a98e585ce37d10ac
                • Opcode Fuzzy Hash: 91117eff2435ce31f38cb9bb623434285707de1af5d62af2b9acdc7909a04527
                • Instruction Fuzzy Hash: 09F0BB33244145BBDB229E45DD01F973B6AEBC4B50F100028F64447260CD35DC11E7D0
                Function 010449D5 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18e09d06488ff548f2a03423e56fc47cd982fd353f73d500d096a9f6ed58bedc
                • Instruction ID: ec388854cbb36d70a5aca6d3489eaf0bc13f541fe7da51fb8508a68ec0d1d024
                • Opcode Fuzzy Hash: 18e09d06488ff548f2a03423e56fc47cd982fd353f73d500d096a9f6ed58bedc
                • Instruction Fuzzy Hash: DDF0BE73301652ABD321DE4DDDC1F12BBA9AF85A20F2900B8A684DB260C760EC01E794
                Function 010760DC Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c7c7259cdd13e3c0dec68bba481886f056d7875d62a8742d3a1016c17d73a34
                • Instruction ID: 6cdf3d889de05c09350b7c708483f8f14edabacd2d4b2e5686387c340ea3d562
                • Opcode Fuzzy Hash: 9c7c7259cdd13e3c0dec68bba481886f056d7875d62a8742d3a1016c17d73a34
                • Instruction Fuzzy Hash: A9F04470E01248AFDB04EFA8D945E9EBBF4FF08300F444059B945EB392D674DA00CB54
                Function 00FF466B Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 576fcc16b735db64399bed97c794e62f884a664ec5a4dc5e48e166c47f2e91c7
                • Instruction ID: 35450b32d55a218ea46afea1f66da22607d1f263190ac28ffca878b9f2412c56
                • Opcode Fuzzy Hash: 576fcc16b735db64399bed97c794e62f884a664ec5a4dc5e48e166c47f2e91c7
                • Instruction Fuzzy Hash: CDF027713405029AFB76AE28DE00B2372E1BFA1B10F144838F285CBAB0D668DC81F780
                Function 00FBC0B8 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28bf3e09f25c74c2196ba679c6ef4e245345ab7e5ea4cadc990ecc6aa55d6dc4
                • Instruction ID: c6ec066ca920e3ba9bb8aa6090ef9e3f74fe8f5fc8370fe53ab108d8f97fb4c8
                • Opcode Fuzzy Hash: 28bf3e09f25c74c2196ba679c6ef4e245345ab7e5ea4cadc990ecc6aa55d6dc4
                • Instruction Fuzzy Hash: 5CF09A32D1A690DFE721A32A8504BE3B7D89B107B0F198566D845E7542C264DCC0FAD8
                Function 010763E1 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1b9f05b24d994694054769088b441e23719b51767fadbd78a4259bf51731147
                • Instruction ID: 7c6078a3da88f3058b5b589741b9e2078e0f4dd5bd824c057f85583d5f7b238a
                • Opcode Fuzzy Hash: d1b9f05b24d994694054769088b441e23719b51767fadbd78a4259bf51731147
                • Instruction Fuzzy Hash: 83F09670E10248EFEB04EFA8D946EAEBBF4BF04300F004069B641EB391EA78D900CB54
                Function 00FF67A5 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76627a336991017c6f35d7fd83fafb232fc1a2fe51c223a6be29b4344b2a5729
                • Instruction ID: eab88de78da702e52f3eab3cbd5d7748dda2899f01c97e10aaf39164ef127f53
                • Opcode Fuzzy Hash: 76627a336991017c6f35d7fd83fafb232fc1a2fe51c223a6be29b4344b2a5729
                • Instruction Fuzzy Hash: E8E092723005002BD711AE598CC1F67775EAF82B24F040439B6085F152CEEADC08A2E0
                Function 00FB6849 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e08198244f6151464ac4fcaa05c9caa004020c1ca2462b12346a004a12ec79b3
                • Instruction ID: 6de03c98c8de4b8808c572b6d75d821399b375ff0cea42057c529c73f642aa36
                • Opcode Fuzzy Hash: e08198244f6151464ac4fcaa05c9caa004020c1ca2462b12346a004a12ec79b3
                • Instruction Fuzzy Hash: 75F02731A266B48FE7B2D71CC940B62B7E8EB00B70F3410A4D88587912C774EC80C740
                Function 00FB6A63 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51e441eff58052d9626f5cee4d155c84b436205212ccf1616ffb340be3fb732b
                • Instruction ID: f2b6312871a1ea293d38ca02bfb2480937a22dcb23b9aa81248ecba9a03669ee
                • Opcode Fuzzy Hash: 51e441eff58052d9626f5cee4d155c84b436205212ccf1616ffb340be3fb732b
                • Instruction Fuzzy Hash: 2DF0BE329156928EDB21E71AC504B96B7EC9B14730F28C921D845E7681C62CEC81FB50
                Function 00FB64DE Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b36519b63f3ddfa9e596dff413e157fc755d7a5a0354f5972a2cf0c1ac9d46f
                • Instruction ID: 6faaf3cb6b7544c81d8287d2ca7b8c4fd77d5d0f5f3ee3cf14e8cedffacd3d4e
                • Opcode Fuzzy Hash: 0b36519b63f3ddfa9e596dff413e157fc755d7a5a0354f5972a2cf0c1ac9d46f
                • Instruction Fuzzy Hash: 8CF0E2316156E08FE7B2D71CC580F52B7D89B017B0F1542A1E48487556C7B8EC82D650
                Function 0107644E Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14601d554f34ed0b961c997a9cee836aac4411a700eb41b729fe0a6fd8ae3675
                • Instruction ID: a226fd7081cbd0d3939b0f69f06c9aac0fa8a62baa85711b48bdc2d7ab0f74e7
                • Opcode Fuzzy Hash: 14601d554f34ed0b961c997a9cee836aac4411a700eb41b729fe0a6fd8ae3675
                • Instruction Fuzzy Hash: 3DF0A771A01649ABEB04EFA8D94AE9E77F9EF08704F440099F642EB2C1DD78D905C758
                Function 0107694F Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18743ae8220f9c58cad06ec3888b87d1dba640187d47d920f8ff6421b9a77d8d
                • Instruction ID: 10f049049e1ff13945957ad08ea72c3268cbb17392ba7b92832d028358d3931e
                • Opcode Fuzzy Hash: 18743ae8220f9c58cad06ec3888b87d1dba640187d47d920f8ff6421b9a77d8d
                • Instruction Fuzzy Hash: BDF0A770A01649ABEB04DBE9D94AE9EB7F8AF09704F440099F642EB2C1E979DD04C758
                Function 010769B1 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de2333741e004abda8b76639e818070dba80b181a8ee831b9c335533789d2b03
                • Instruction ID: 335e9b6e937d927e2b56a5944810c38c2702642b920695ef665060a0355608d8
                • Opcode Fuzzy Hash: de2333741e004abda8b76639e818070dba80b181a8ee831b9c335533789d2b03
                • Instruction Fuzzy Hash: 42F0A771A01248ABEB04DBE8D94BE9EB7F8AF08704F440099F642EB3C1D979D904C758
                Function 010768ED Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca7c99a092c3addce4688be17c6b7f41fa3fef48a28d9ef90c35d9d999512b24
                • Instruction ID: 2c7f1ea4a38f22bca922202835453a5c40695432f9e568bf4c947e3c81d9f433
                • Opcode Fuzzy Hash: ca7c99a092c3addce4688be17c6b7f41fa3fef48a28d9ef90c35d9d999512b24
                • Instruction Fuzzy Hash: EAF08270A01248AFEB04DBA9D95AEAE7BF8AF08704F440099F642EB281D978D904C758
                Function 0104C490 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6cc582ce1bc2176869308fe2e737e37775ba5e93fd6341939ec6d06926c4718
                • Instruction ID: 7066c4845e182b48ddb19117757a868512715829cdca537d7b237ccbcb7399a8
                • Opcode Fuzzy Hash: e6cc582ce1bc2176869308fe2e737e37775ba5e93fd6341939ec6d06926c4718
                • Instruction Fuzzy Hash: FBF0A0B21412049FF3209F09DB80F62BBE8EB85364F02C075E6498B161D739EC40CB94
                Function 00FA6247 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2ddfd3f1685d95304d37e5b8a8800bd2800d658af1fb5506636e8c0438e9b09
                • Instruction ID: 27377c4825f653711b25cbaabb13807ff2cba0607226742a4db9f0a177f83a0a
                • Opcode Fuzzy Hash: e2ddfd3f1685d95304d37e5b8a8800bd2800d658af1fb5506636e8c0438e9b09
                • Instruction Fuzzy Hash: 89E0E57254024597CF21AB80C801F66B7FA9B53710F188075E4008B151D6649C45B3D0
                Function 00FB4943 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49878ae6b9aa484612e4357b56e8cb35873aec3b6288eba0e8c890d5ba013c0d
                • Instruction ID: 9890949625bb19698d629f903521b0f97dd70f6be6a2be47bb33f9b66c4dc5a1
                • Opcode Fuzzy Hash: 49878ae6b9aa484612e4357b56e8cb35873aec3b6288eba0e8c890d5ba013c0d
                • Instruction Fuzzy Hash: 8FE0DF32A00220BBDB21969A8E06F9BBABCEB80BA0F004454B504E7191D660EE00E6D0
                Function 00FECA20 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ee19d9d84ccea321b250f10d16285a1f32eb2ba3f21f36512a50e315e197498
                • Instruction ID: eb441ce26db5bd81cb9ed4eed26aaa857f9fa6b07a81f3a4feece261ed0f809d
                • Opcode Fuzzy Hash: 1ee19d9d84ccea321b250f10d16285a1f32eb2ba3f21f36512a50e315e197498
                • Instruction Fuzzy Hash: D4E09233501458BBCB22EB81CD02EAE7B6DEF51760F108025B90196151CA39CF11F7E0
                Function 00FDE705 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf4d8ee6e5642a94bed905fc8a6123b1d8a882613ef38b95f256a02030aedd92
                • Instruction ID: b9df0669a3ac9cc7050fd59eb633e27cad50fc5dece2d256b17f55b75c7097fe
                • Opcode Fuzzy Hash: bf4d8ee6e5642a94bed905fc8a6123b1d8a882613ef38b95f256a02030aedd92
                • Instruction Fuzzy Hash: 94E0D832610A4147D731A2499808B9777DA97D1634F184296E8B8873D1DBA99C42C3A5
                Function 0103A000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 29bdd850d38dd6d98b3480f462df49589acaf2dec7306dc69b99c2092ba7e1d1
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: AAE0C238300305CFE755CF19C044B62BBEABFD5B10F28C0A8A9888F205EB32E842CB40
                Function 00FF035E Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73c6dcea22216e8047bc0ad9d0a618d8f882901d42423708bbf9d7cec0223539
                • Instruction ID: 07f5531e58a89a6866008327e8f29b66219c1795260d0a94654791d0581d8789
                • Opcode Fuzzy Hash: 73c6dcea22216e8047bc0ad9d0a618d8f882901d42423708bbf9d7cec0223539
                • Instruction Fuzzy Hash: EBD0C732408020ABCBB02A29AE41FA23A5AEF44760F020860F608A2032DA28CC81B2C4
                Function 00FB8450 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d428fdf44c6e25574cb36e32a8bc296ee76f2a034c0c5548e545e7015250527
                • Instruction ID: b489f1a5ded6685f5671c1d4360c140ef80bea986c03b17348bba3c8817961e2
                • Opcode Fuzzy Hash: 2d428fdf44c6e25574cb36e32a8bc296ee76f2a034c0c5548e545e7015250527
                • Instruction Fuzzy Hash: 56E0DF33A20286CBC331C616C8827A237ECE7E07ACF244424E941CA481DA29E843EA80
                Function 01072050 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dca269fbea382783e7651d45777f747beaed2805df9b65c22c1515cb7c06599e
                • Instruction ID: 009952dffea88e725ffd7156b656a379bbc80e165fbe371ecf2b2acfb11095e7
                • Opcode Fuzzy Hash: dca269fbea382783e7651d45777f747beaed2805df9b65c22c1515cb7c06599e
                • Instruction Fuzzy Hash: B5E0CD31680505B7DB331E44CC01F657A56DB50B90F104031FA445B651C5759D91F6E8
                Function 00FAA308 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 392f08d7e0067b454a915862cb50cca1b8b9126ea0c5704fbf5e37d43df21929
                • Instruction ID: a355a0b420f06834154c845a7b38d3b54c71f8168b7b55668326a76ec090c2d2
                • Opcode Fuzzy Hash: 392f08d7e0067b454a915862cb50cca1b8b9126ea0c5704fbf5e37d43df21929
                • Instruction Fuzzy Hash: E2D05E32151610ABCB322F15EE07F827AB6EF42B11F05052CB141664F1CAAEEC88FA95
                Function 00FBA5C1 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b1e3a34deccee43734bfbe4251a0513b3bf2b0fe3b9d44a5b2e56604ff808207
                • Instruction ID: dd8e61849517547e3b436b1db20abc1dc7839b2e0a14a438ef237c9909e22e36
                • Opcode Fuzzy Hash: b1e3a34deccee43734bfbe4251a0513b3bf2b0fe3b9d44a5b2e56604ff808207
                • Instruction Fuzzy Hash: DFD05B33D015649BCF728F44CD01F9BBAB9AB44B20F950094D59063211C779DD01FB84
                Function 00FF254B Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1dd94518efafb643d8eb5fdb3c7f8739c987146cc41cd894428463edd8a1711e
                • Instruction ID: 76d565f5dfd00e2dddf7a537c88e4346399ac647fa062dbce9d81dc504b0a3d4
                • Opcode Fuzzy Hash: 1dd94518efafb643d8eb5fdb3c7f8739c987146cc41cd894428463edd8a1711e
                • Instruction Fuzzy Hash: 06D0A7331409509BC772AA1CFC04FC273E9AB88761F010459F054CB152C3649C419644
                Function 00FEE400 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a33baea1219915fcf8a8921d70c10d218803693d938cb9a64f491f4ff3c932e
                • Instruction ID: 89a17e7955eb55ebec770629ea09866026f9ac581daf14b3bef7bf914e2a8912
                • Opcode Fuzzy Hash: 6a33baea1219915fcf8a8921d70c10d218803693d938cb9a64f491f4ff3c932e
                • Instruction Fuzzy Hash: 39D022370D010CBBCB019F61CC02F907FA9E750B60F044020B504870A0C63AE850E584
                Function 00FCC5E0 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bfaebae62b5ff429e3afc56c6f5529868a76f2a408f0a36e3e00eb240462f5f1
                • Instruction ID: 205f6187932ba80ed6673bfddab2b255ab9a5191587969b0cbcded78dea2d333
                • Opcode Fuzzy Hash: bfaebae62b5ff429e3afc56c6f5529868a76f2a408f0a36e3e00eb240462f5f1
                • Instruction Fuzzy Hash: 5FD0C935312A80CFCA26CB1CC950F0673E4BB40A45F8504D4E404C7B52CA2CE940C904
                Function 00FAA8E0 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6899153fae8f7285b5d2bff4eb4fb7b27c2c1914b9042efe9365dc5ce442fd0e
                • Instruction ID: 3a95e6deb356e7b7c853344840f7beb0b996ce04bba5689527d27d3b0562749f
                • Opcode Fuzzy Hash: 6899153fae8f7285b5d2bff4eb4fb7b27c2c1914b9042efe9365dc5ce442fd0e
                • Instruction Fuzzy Hash: E6C08C33180248BBC712AE91CE02F02BF6AE790B60F000031B60446671C5B6E820F588
                Function 00FC6A70 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4a133ddafa95af8f576f0cc87808edfcfc4d7fb44a1f61d201654ba7d0e127c
                • Instruction ID: 1fddaa291cbec70980011ae9beecaff357a8797fe5c1a9e8664d9125daf411a2
                • Opcode Fuzzy Hash: c4a133ddafa95af8f576f0cc87808edfcfc4d7fb44a1f61d201654ba7d0e127c
                • Instruction Fuzzy Hash: DFD01236100289EFCB01DF40D951E5A7B2AFBC8710F108019FD19076118A35FD62DA50
                Function 00FB4A60 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4c57894ee479f2bf1fa456dd11114bf2badc558ff45dd90bd3bc245de4e410f5
                • Instruction ID: 17de585a2ad0c2a3dfc2bfad021aa36e38fc9029eea3ebb3b372d4284dd2ceaf
                • Opcode Fuzzy Hash: 4c57894ee479f2bf1fa456dd11114bf2badc558ff45dd90bd3bc245de4e410f5
                • Instruction Fuzzy Hash: E6C08C302C1A009AEB261F20CF02F0036A5BB00F45F8404A0B304D90F1EB7CDC01FA04
                Function 00FCC5B9 Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a84cbc753116aafaeabfa2f281879aef338ef01a48113140bd4e76cbcbf8c45f
                • Instruction ID: f752fb6ea24bdde7da499664c1e3222da40c34f7a356f0ea1bfa73d923a94ddc
                • Opcode Fuzzy Hash: a84cbc753116aafaeabfa2f281879aef338ef01a48113140bd4e76cbcbf8c45f
                • Instruction Fuzzy Hash: 49C08C32080248BBCB126E41CE02F017B29E790BA0F000020F6080B5618536E861F588
                Function 00FAA9B0 Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a534c2095ed612a6f3d1dfbcbb6de3349d929a19cdfa840f139aabfb2e695a32
                • Instruction ID: e32c05acb1991182ed443205f33c5f61bd3a0f5db36679d96063ad52fa8c7706
                • Opcode Fuzzy Hash: a534c2095ed612a6f3d1dfbcbb6de3349d929a19cdfa840f139aabfb2e695a32
                • Instruction Fuzzy Hash: 22C08C33080248BBC7126E41CD02F01BF2AE790B60F000020BA040A671C536E860F58C
                Function 0108C9F3 Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f5d03ebbffed588d1e3226cf07138928f2ca8033c084a610919c6162006146e
                • Instruction ID: 5d2da45c9df8f72946e0b8450a77e514f23bf9a4c48867121e629e0483a55bb7
                • Opcode Fuzzy Hash: 1f5d03ebbffed588d1e3226cf07138928f2ca8033c084a610919c6162006146e
                • Instruction Fuzzy Hash: ACB012322225C4CFC7027B20CF01B1832AEBF017C0F0E00B8B500C5531D72C8810F602
                Function 01044053 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d344fbd4355c969dc52ef105f76103c3b11254ecb5a5101d0983c93198673084
                • Instruction ID: e78c6d33e17c1f01be27f7395bb92e56113b0181b47a7475b5e9bf78419c5ae0
                • Opcode Fuzzy Hash: d344fbd4355c969dc52ef105f76103c3b11254ecb5a5101d0983c93198673084
                • Instruction Fuzzy Hash: E0A011320208808BCB02AF00CA02F00B222BB08A00F8808A8A20282822822C8800AA00
                Function 00FF8540 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0f5da0e64581be9939870f1b98df132d5f2ca3d9adefa3107651fb9f13463a32
                • Instruction ID: f861ab061b9e3570adbe477e7dd0476cdd4e84728460a4209ff76598e1d25cc0
                • Opcode Fuzzy Hash: 0f5da0e64581be9939870f1b98df132d5f2ca3d9adefa3107651fb9f13463a32
                • Instruction Fuzzy Hash: D89002312010010391907158C86555A5105A7E2305BD1C411A0815654CC91888969321
                Function 00FF8880 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d251f787176b19ef659bd7c7aa663744633fcd555f9ea6615acde96ac50c468a
                • Instruction ID: 27e5156ee0e5ae5b0874175ca63912ce299f9ff49d295c3188f7cfce59d835fd
                • Opcode Fuzzy Hash: d251f787176b19ef659bd7c7aa663744633fcd555f9ea6615acde96ac50c468a
                • Instruction Fuzzy Hash: 259002216420014351507158C8554176005A7E13053D1E511E0854650CC51CCC96D239
                Function 00FF6BE0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4ed78fcc6024df25a9f4ca33dc1d90bd3ae7e473161846b241ce4ec6f1a7c2e
                • Instruction ID: b3ca1a1ce5b379825634d04d50c8b54cc676ffd207dbbb18d49e2c144353947d
                • Opcode Fuzzy Hash: a4ed78fcc6024df25a9f4ca33dc1d90bd3ae7e473161846b241ce4ec6f1a7c2e
                • Instruction Fuzzy Hash: 9C9002A1201140934510B258C455B1A550597E0305B91C016E1454660CC5298892D135
                Function 00FF6CD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db3dcfc23fd50913c7fe0112a646e1a956394c3a3acb8aca09b96a910238cd2e
                • Instruction ID: fdf1ded154fd44185516aa7da990e2f29fb150cf7192211bd11cc1d129e3528c
                • Opcode Fuzzy Hash: db3dcfc23fd50913c7fe0112a646e1a956394c3a3acb8aca09b96a910238cd2e
                • Instruction Fuzzy Hash: ED90023160500803D1607158C465756100597D0305F91C011A0424754DC7598A96B6A1
                Function 00FF6CB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e91c1d94dc9b24a77253cdc2f8ff65c00199666bb40402da1b077d598c62bc1
                • Instruction ID: bb01a41621024e1324de109d28cb55386948a2db24d837a1c2b0ee2666da1686
                • Opcode Fuzzy Hash: 0e91c1d94dc9b24a77253cdc2f8ff65c00199666bb40402da1b077d598c62bc1
                • Instruction Fuzzy Hash: 5490023120100803D1147158C855696100597D0305F91C011A6424755ED66988D2B131
                Function 00FF6C20 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f90e133d7104699e820659fd9efacf5a5e225330d427549801c2c3f78a874ddd
                • Instruction ID: 365efc726f9ea11258fe9631d38669fbceff292fa75b4da70265bb7455d11bae
                • Opcode Fuzzy Hash: f90e133d7104699e820659fd9efacf5a5e225330d427549801c2c3f78a874ddd
                • Instruction Fuzzy Hash: 17900225221000030155B558865551B1445A7D63553D1C015F1816690CC62588A69321
                Function 00FF6C00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb7ffc1df4df04704ea725a17d2be34184523fadcb42bb0d5a53d9ca51107e0e
                • Instruction ID: 651e8b74ab927f70afc1ebf64cc8a9ec1a5e42174aec013c66faa185e389b409
                • Opcode Fuzzy Hash: fb7ffc1df4df04704ea725a17d2be34184523fadcb42bb0d5a53d9ca51107e0e
                • Instruction Fuzzy Hash: 49900435311000030115F55CC7555171047D7D53553D1C031F1415750CD735CCF3D131
                Function 00FF6DF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e792f4651c7f1720166885c3db1aa6a2279621055267b7b3757c1e48a0d428a7
                • Instruction ID: af29efe000c8f007c2037923297f6a148b31c0e18f565b54226d8e939214ed9c
                • Opcode Fuzzy Hash: e792f4651c7f1720166885c3db1aa6a2279621055267b7b3757c1e48a0d428a7
                • Instruction Fuzzy Hash: 1790022160500403D1507158D469716101597D0305F91D011A0424654DC65D8A96A6A1
                Function 00FF6DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15c9bfd9c9ef60eda528910e187e6583b92ae639ea44e40ffdac0a72eb19aad8
                • Instruction ID: 738ca4363df13167d72a8190cf9e837b60e57942cb46c611b8b0e5585a6b9021
                • Opcode Fuzzy Hash: 15c9bfd9c9ef60eda528910e187e6583b92ae639ea44e40ffdac0a72eb19aad8
                • Instruction Fuzzy Hash: 2D90023120100403D1107598D459656100597E0305F91D011A5424655EC66988D2A131
                Function 00FF6D90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19bdf03ab01df8c52d30d2b6f376cf128564987e48bda0140a62a547de5aab88
                • Instruction ID: fecfc5f112202c2d4cad88250cb255bfbcdda1494f5e5f4c76c7b965a4b56510
                • Opcode Fuzzy Hash: 19bdf03ab01df8c52d30d2b6f376cf128564987e48bda0140a62a547de5aab88
                • Instruction Fuzzy Hash: C890023120100843D1107158C455B56100597E0305F91C016A0524754DC619C892B521
                Function 00FF6D20 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7554a5e4ad8ed9aabf6eb81afb3133fee409e4292b309ca18944b186993d48
                • Instruction ID: f1685ec03a7cb177d42cfc6981aa9bc3e2fd98361714784d162e5afe56a4b106
                • Opcode Fuzzy Hash: 6c7554a5e4ad8ed9aabf6eb81afb3133fee409e4292b309ca18944b186993d48
                • Instruction Fuzzy Hash: AE90023120100803D1907158C45565A100597D1305FD1C015A0425754DCA198A9AB7A1
                Function 00FF6D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a1b64ad99e7150a7d17ce5bed02e066e10926173891f1ca9f3551cc183f259f
                • Instruction ID: 15e6c6ad6bd0d634cc9ac9c1927b34f273a0ef5a7245247a0a5a484ac3f237ec
                • Opcode Fuzzy Hash: 0a1b64ad99e7150a7d17ce5bed02e066e10926173891f1ca9f3551cc183f259f
                • Instruction Fuzzy Hash: 8E90023120504843D1507158C455A56101597D0309F91C011A0464794DD6298D96F661
                Function 00FF6EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 66ddbd694792c991d82412b2ed05f991a926a355cc6ee8cca051664dbd60bfc2
                • Instruction ID: 076220141a086f32efc8eda5e0df3241e33244c72f6059d4ea9748c7375dc3f5
                • Opcode Fuzzy Hash: 66ddbd694792c991d82412b2ed05f991a926a355cc6ee8cca051664dbd60bfc2
                • Instruction Fuzzy Hash: F490023124100403D1517158C4556161009A7D0345FD1C012A0824654EC6598A97EA61
                Function 00FF6E60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe8bbcd9cc32c87f9098141020e6c8dfcdddccd59acd07232d35c35907ba2173
                • Instruction ID: 7eb5392df5bd4f36b6d0344c1ba99048ad34db2a68cae58651f187c4314ed443
                • Opcode Fuzzy Hash: fe8bbcd9cc32c87f9098141020e6c8dfcdddccd59acd07232d35c35907ba2173
                • Instruction Fuzzy Hash: 5E90022130100003D1507158D4696165005E7E1305F91D011E0814654CD91988979222
                Function 00FF6E40 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2517c3d355ecb7ecfae399a054a4c274b98b6e931d0f6c8c23bf69a00e2f80e4
                • Instruction ID: 96be762b0a358d7673c491dd8bb5d219819e434f9df926d850fb7bbdcc781528
                • Opcode Fuzzy Hash: 2517c3d355ecb7ecfae399a054a4c274b98b6e931d0f6c8c23bf69a00e2f80e4
                • Instruction Fuzzy Hash: 1490022921300003D1907158D45961A100597D1306FD1D415A0415658CC91988AA9321
                Function 00FF6E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 159a3832e0c6b17509929b8aba80477983194bf46b5f2a618d00020e20e8a689
                • Instruction ID: 695d7642b784c45052a7e1d7cd6c6ffd3d4ba7787bfe1c5b9aefaa517d5c329a
                • Opcode Fuzzy Hash: 159a3832e0c6b17509929b8aba80477983194bf46b5f2a618d00020e20e8a689
                • Instruction Fuzzy Hash: B890022120504443D1107558D459A16100597D0309F91D011A1464695DC6398892E131
                Function 00FF6E20 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5b731a6a424d8455c17972ee5ba4e0b0c904a295e98f346f21d609247394be1
                • Instruction ID: 38d8682890603df7ba36bf39ff2e77d245b4f9c5bbd5d685ae99aca1c6e3eaba
                • Opcode Fuzzy Hash: a5b731a6a424d8455c17972ee5ba4e0b0c904a295e98f346f21d609247394be1
                • Instruction Fuzzy Hash: 2190023120100403D1107158D559717100597D0305F91D411A0824658DD65A8892A121
                Function 00FF6FD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1320031be706fff275b7eb7068948aa055484db1edb549639624a2b2e4db19f
                • Instruction ID: 5b03bd0b8ecd83718f5cf41f420206c99892af78bdc36b851036ee120a1df9ea
                • Opcode Fuzzy Hash: e1320031be706fff275b7eb7068948aa055484db1edb549639624a2b2e4db19f
                • Instruction Fuzzy Hash: 2890027120100403D1507158C455756100597D0305F91C011A5464654EC65D8DD6A665
                Function 00FF6FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f359ee5406c76076faf247bc3c1fe2c04f955e2fa084a364f57a66595178bbf
                • Instruction ID: 35d95f0374ce2609db42532767931da8a026390646c2f06cca360bea53901dea
                • Opcode Fuzzy Hash: 9f359ee5406c76076faf247bc3c1fe2c04f955e2fa084a364f57a66595178bbf
                • Instruction Fuzzy Hash: D690022160100503D1117158C455626100A97D0345FD1C022A1424655ECA2989D3E131
                Function 00FF6F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 522de6fb4f1b350df430d7aa5208a6b9b047862341ede4b4735168fbf9b9c737
                • Instruction ID: a557c7cd6ffe33e999ed7b2ff6baccdd9d053ae1b7019cfe663a33341b045106
                • Opcode Fuzzy Hash: 522de6fb4f1b350df430d7aa5208a6b9b047862341ede4b4735168fbf9b9c737
                • Instruction Fuzzy Hash: 7790022130100403D1127158C4656161009D7D1349FD1C012E1824655DC6298993E132
                Function 00FF6F00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6f7dfaa4531a52b4f434206e025d34328d4858f3527b0866177e1499ec0a7c9
                • Instruction ID: b788bcefc6aa650fd966feb20f60e3e75021237147aa6d2335650032ec3b8875
                • Opcode Fuzzy Hash: e6f7dfaa4531a52b4f434206e025d34328d4858f3527b0866177e1499ec0a7c9
                • Instruction Fuzzy Hash: 91900221242041535555B158C4555175006A7E03457D1C012A1814A50CC52A9897D621
                Function 00FF70E0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 535f0d84c4ce61036fce3ff1c0c994fdc2df6a55653a5d9d1b8ff5cc8cc8432b
                • Instruction ID: 23725bf1ad813d7321e9f0ce6b4a00a2f6b0e487a3dae8b51b79e116dfde66a8
                • Opcode Fuzzy Hash: 535f0d84c4ce61036fce3ff1c0c994fdc2df6a55653a5d9d1b8ff5cc8cc8432b
                • Instruction Fuzzy Hash: 6F9002216010004341507168C8959165005BBE1315791C121A0D98650DC55D88A69665
                Function 00FF70D0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed803b7a18758760c3daeb5206487ebecce93951fcb2a374bd80379ea91ea1ba
                • Instruction ID: e29d6e01ec687489a859c16ae292cd5c3931d34aeec9f6d8d60077117968d43d
                • Opcode Fuzzy Hash: ed803b7a18758760c3daeb5206487ebecce93951fcb2a374bd80379ea91ea1ba
                • Instruction Fuzzy Hash: F690023120140403D1107158C859757100597D0306F91C011A5564655EC669C8D2A531
                Function 00FF70C0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 132cdd86655de55599ed72fbd64925a7eb9acef81058717d029aa6d2c46ad618
                • Instruction ID: 9c5b1dc0c90c92ce693c72cd39175e1d059bfafaf99ed6d9c8a031a1506f2905
                • Opcode Fuzzy Hash: 132cdd86655de55599ed72fbd64925a7eb9acef81058717d029aa6d2c46ad618
                • Instruction Fuzzy Hash: BF90023120140403D1107158C86571B100597D0306F91C011A1564655DC6298892A571
                Function 00FF7090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abbda055e7a845823d534a040adb422d8b0458608ddcbb6c0193739289b2a6aa
                • Instruction ID: 5b586028c597759c9deaddcdf7782924bef94d1fc53cbc3289b10b7abe22c3fe
                • Opcode Fuzzy Hash: abbda055e7a845823d534a040adb422d8b0458608ddcbb6c0193739289b2a6aa
                • Instruction Fuzzy Hash: 1290026121100043D1147158C455716104597E1305F91C012A2554654CC52D8CA29125
                Function 00FF7060 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb7f2a52a533700311fde8ae0b8ec47a0a86ad1f3cfcb73ab245b5fca15cea77
                • Instruction ID: b1b61f0e82cc6fe29e546608d0fcb5e9e8f7fcade916100fedd918aa7d75236f
                • Opcode Fuzzy Hash: eb7f2a52a533700311fde8ae0b8ec47a0a86ad1f3cfcb73ab245b5fca15cea77
                • Instruction Fuzzy Hash: 6990026134100443D1107158C465B161005D7E1305F91C015E1464654DC61DCC93A126
                Function 00FF7010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9ebd32fa9e8f9f207a0583b476839214c460d94e09e94fad55508a12f1245d87
                • Instruction ID: ba46448a96d5e2ab046aa84e17bf3a04f349c606694f1c7f62eb06ebdd0fb7b0
                • Opcode Fuzzy Hash: 9ebd32fa9e8f9f207a0583b476839214c460d94e09e94fad55508a12f1245d87
                • Instruction Fuzzy Hash: 3E90026120140403D1507558C855617100597D0306F91C011A2464655ECA2D8C92A135
                Function 00FF71C0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23f300846a9db9d7e83473db56e5c54fdc650706f38597da3acaf17cdfab8275
                • Instruction ID: e6fccdb63a743892967d48298e1588483181053b6ab6709259e321f6693c636e
                • Opcode Fuzzy Hash: 23f300846a9db9d7e83473db56e5c54fdc650706f38597da3acaf17cdfab8275
                • Instruction Fuzzy Hash: C090022124100803D1507158C4657171006D7D0705F91C011A0424654DC61A89A6A6B1
                Function 00FF7140 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e583f2f48d2ce1b115e5b092503be28aa08248da421a8bc632cfbb2b9a42bee5
                • Instruction ID: 67da64fdbf5e11369894c53fa75c404476afa2231d0dd23c686315f32ad88f72
                • Opcode Fuzzy Hash: e583f2f48d2ce1b115e5b092503be28aa08248da421a8bc632cfbb2b9a42bee5
                • Instruction Fuzzy Hash: 8890022120144443D1507258C855B1F510597E1306FD1C019A4556654CC91988969721
                Function 00FF7110 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ccabb6f2ab4ddd89ce6e8bfa3d89beecf68cc2367d7e4a69026ec4bb813d4048
                • Instruction ID: b8ed58f6a16499aa43f18a4d2e549801c5f091bc6527e5eee2a8ba631ba743dc
                • Opcode Fuzzy Hash: ccabb6f2ab4ddd89ce6e8bfa3d89beecf68cc2367d7e4a69026ec4bb813d4048
                • Instruction Fuzzy Hash: A790022121180043D2107568CC65B17100597D0307F91C115A0554654CC91988A29521
                Function 00FF6D30 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 81d7d4606a3281e0f3c98fa407bf53915ae4d453030727faa6e3afcfc070b5e5
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 01068D80 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 188COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: b25006fd99a7307efd9e39e44e4df7126d5e509d7a2b3feb2ac58533e5c69559
                • Instruction ID: cf8f720d5f347f77263013c6982790d0e444e6fbca29ec23923185ddf0ab3b63
                • Opcode Fuzzy Hash: b25006fd99a7307efd9e39e44e4df7126d5e509d7a2b3feb2ac58533e5c69559
                • Instruction Fuzzy Hash: 1A51C3B5B007559ECB61DF9DCC8097EB7FDAF54300B04C89AE5D6D3681E670DA448760
                Function 00FF6A50 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 1aaae4bb0e4a23cdc572a5f04055e8143193dae7da62a1151715d16f3ab29f63
                • Instruction ID: dd948e91c768bfb80573d8901aa26545e033108e13976b8eb683ca635fecf20c
                • Opcode Fuzzy Hash: 1aaae4bb0e4a23cdc572a5f04055e8143193dae7da62a1151715d16f3ab29f63
                • Instruction Fuzzy Hash: 69511AB5E0015ABBCB10DF98C88097DFBB8BF48710B14C55AE695E7681D734DE50E7A0
                Function 00FFFB64 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 234COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: __aulldiv__aullrem
                • String ID: +$-$0$0
                • API String ID: 3839614884-699404926
                • Opcode ID: 64d0c29c9e6d6ca4d85de2ab7744a773d3c5d3d97aed02f8dcf833733cfa2e25
                • Instruction ID: 5beae5ecf83fd1b40e9b171b47eb684583ae5aad70247c30ee8ab891b74d61ca
                • Opcode Fuzzy Hash: 64d0c29c9e6d6ca4d85de2ab7744a773d3c5d3d97aed02f8dcf833733cfa2e25
                • Instruction Fuzzy Hash: D171EE31E0021E9EDF248E64C8917BD7BA2AF49370F280679DB61E72F1D7748E49A714
                Function 01068A50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: 928d3e97f8416906ddd634df5fca76b1d34d0b18327edb6d7ea5ddda6846c3c0
                • Instruction ID: 7464ec66218592ec5e9068657ba2bd09bdb5e0543fe8e6e3b78c3782c6c8d4ba
                • Opcode Fuzzy Hash: 928d3e97f8416906ddd634df5fca76b1d34d0b18327edb6d7ea5ddda6846c3c0
                • Instruction Fuzzy Hash: 632151B6A00219AB9B51DE69DC409FF7BFCEF54744B084166E985D3241EB34DA01DBA0
                Function 00FE5950 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 404COMMON
                Download Yara Rule
                Strings
                • RTL: Re-Waiting, xrefs: 0102AADF
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0102AA64
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0102AA95
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 2c7b15d55759ce645442c96a3f71e29a3c2a952bd72895b622d0f12b9d74858b
                • Instruction ID: c8d6202aeb0f8b09a704b096654b95738629e1327109fd7e3a8fccd57cbfe9e9
                • Opcode Fuzzy Hash: 2c7b15d55759ce645442c96a3f71e29a3c2a952bd72895b622d0f12b9d74858b
                • Instruction Fuzzy Hash: DEF1CF71608B81CFD725CF29C840B2AB7E1BF84728F240A6DF1A58B6D1DB74D945DB42
                Function 00FEF330 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 122COMMON
                Download Yara Rule
                Strings
                • RTL: Re-Waiting, xrefs: 0102ED53
                • RTL: Resource at %p, xrefs: 0102ED35
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 0102ED26
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: 25b1171af5d4871ee05748cd069ee3d33ab5f146d2f8878cc2b6a1380e81d6ed
                • Instruction ID: 5a4a93919836dfa52dd2c3dc9233cb50d094d90284480bc26eaf6f43499acce3
                • Opcode Fuzzy Hash: 25b1171af5d4871ee05748cd069ee3d33ab5f146d2f8878cc2b6a1380e81d6ed
                • Instruction Fuzzy Hash: B9410831604742AFD7209E1ACC40B6777E5EF98320F20862DF59A97280DB71F445EB91
                Function 00FEE990 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0102E455
                Strings
                • RTL: Re-Waiting, xrefs: 0102E48A
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 0102E45D
                • RTL: Resource at %p, xrefs: 0102E46C
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: ea901fb4532cb6b6393e401d0308c4d47f1fd4d283fbe77a0a28700d9ff7e71c
                • Instruction ID: 5470aaf4d338037f22b0794bf6a00c7816adb68ad4e51caa5045819b84f65506
                • Opcode Fuzzy Hash: ea901fb4532cb6b6393e401d0308c4d47f1fd4d283fbe77a0a28700d9ff7e71c
                • Instruction Fuzzy Hash: 58411531740756ABDB10DE25CC41B6AB7E5FF94324F104A29EAC89B281DB31F841ABD2
                Function 01068C70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: 9a2a680ec622211848bcc7cceec02b773640d8c63233a1864889071a56f9871e
                • Instruction ID: e84e6c48f57ce32be90449e03e8a3d00b390c06d73d7edb2f8f6c001ecc2bbe8
                • Opcode Fuzzy Hash: 9a2a680ec622211848bcc7cceec02b773640d8c63233a1864889071a56f9871e
                • Instruction Fuzzy Hash: A33186766002199FDB60EF29DC40BEE77FCBF24740F444596E989D3240EB31AA448BA0
                Function 00FE04C3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.12108684082.0000000000F80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F80000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f80000_PO_62401394_MITech_20250601.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 8c87780fc814605ee0434a599ac5c58f257c50dd4a715da4ff1a3300267c15ff
                • Instruction ID: 8d34150817ee82fe3477cc377f6d50608f802e58191fb026ab93025e73f424d2
                • Opcode Fuzzy Hash: 8c87780fc814605ee0434a599ac5c58f257c50dd4a715da4ff1a3300267c15ff
                • Instruction Fuzzy Hash: 7B813772D012799BDB21CB54CC45BDEBBB8AB44714F0481DAEA09B7280DB749E85DFA0