Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WF2DL1l7E8.exe

Overview

General Information

Sample name:WF2DL1l7E8.exe
renamed because original name is a hash value
Original sample name:f6a7681d3c21527e2412d75e5a16907bedea96a7d32eb3b3f163fad5ec348b4c.exe
Analysis ID:1587666
MD5:b72c51b48fe564524bb03fd2fe0e2747
SHA1:353f023689392d3ba12d89571296ed0642570848
SHA256:f6a7681d3c21527e2412d75e5a16907bedea96a7d32eb3b3f163fad5ec348b4c
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • WF2DL1l7E8.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\WF2DL1l7E8.exe" MD5: B72C51B48FE564524BB03FD2FE0E2747)
    • WF2DL1l7E8.exe (PID: 7624 cmdline: "C:\Users\user\Desktop\WF2DL1l7E8.exe" MD5: B72C51B48FE564524BB03FD2FE0E2747)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      Process Memory Space: WF2DL1l7E8.exe PID: 7420JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        3.2.WF2DL1l7E8.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.WF2DL1l7E8.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: WF2DL1l7E8.exeReversingLabs: Detection: 71%
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: WF2DL1l7E8.exeJoe Sandbox ML: detected
            Source: WF2DL1l7E8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: WF2DL1l7E8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: WF2DL1l7E8.exe, 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: WF2DL1l7E8.exe, WF2DL1l7E8.exe, 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp
            Source: WF2DL1l7E8.exeString found in binary or memory: http://www.elderscrolls.com/skyrim/character
            Source: WF2DL1l7E8.exeString found in binary or memory: http://www.elderscrolls.com/skyrim/characterT
            Source: WF2DL1l7E8.exe, 00000000.00000002.1335791442.00000000025FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.elderscrolls.com/skyrim/player

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0042C953 NtClose,3_2_0042C953
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01492DF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01492C70
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014935C0 NtCreateMutant,LdrInitializeThunk,3_2_014935C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01494340 NtSetContextThread,3_2_01494340
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01494650 NtSuspendThread,3_2_01494650
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492B60 NtClose,3_2_01492B60
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492BE0 NtQueryValueKey,3_2_01492BE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492BF0 NtAllocateVirtualMemory,3_2_01492BF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492B80 NtQueryInformationFile,3_2_01492B80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492BA0 NtEnumerateValueKey,3_2_01492BA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492AD0 NtReadFile,3_2_01492AD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492AF0 NtWriteFile,3_2_01492AF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492AB0 NtWaitForSingleObject,3_2_01492AB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492D00 NtSetInformationFile,3_2_01492D00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492D10 NtMapViewOfSection,3_2_01492D10
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492D30 NtUnmapViewOfSection,3_2_01492D30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492DD0 NtDelayExecution,3_2_01492DD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492DB0 NtEnumerateKey,3_2_01492DB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492C60 NtCreateKey,3_2_01492C60
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492C00 NtQueryInformationProcess,3_2_01492C00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492CC0 NtQueryVirtualMemory,3_2_01492CC0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492CF0 NtOpenProcess,3_2_01492CF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492CA0 NtQueryInformationToken,3_2_01492CA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492F60 NtCreateProcessEx,3_2_01492F60
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492F30 NtCreateSection,3_2_01492F30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492FE0 NtCreateFile,3_2_01492FE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492F90 NtProtectVirtualMemory,3_2_01492F90
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492FA0 NtQuerySection,3_2_01492FA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492FB0 NtResumeThread,3_2_01492FB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492E30 NtWriteVirtualMemory,3_2_01492E30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492EE0 NtQueueApcThread,3_2_01492EE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492E80 NtReadVirtualMemory,3_2_01492E80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492EA0 NtAdjustPrivilegesToken,3_2_01492EA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01493010 NtOpenDirectoryObject,3_2_01493010
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01493090 NtSetValueKey,3_2_01493090
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014939B0 NtGetContextThread,3_2_014939B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01493D70 NtOpenThread,3_2_01493D70
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01493D10 NtOpenProcessToken,3_2_01493D10
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A727310_2_04A72731
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A708710_2_04A70871
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A714200_2_04A71420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A79C6C0_2_04A79C6C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A71C590_2_04A71C59
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A744880_2_04A74488
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A744980_2_04A74498
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A7A3C00_2_04A7A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A756A20_2_04A756A2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A756B00_2_04A756B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A752F80_2_04A752F8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A7138F0_2_04A7138F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A758C10_2_04A758C1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A758D00_2_04A758D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A75B210_2_04A75B21
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A75B300_2_04A75B30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A75B5B0_2_04A75B5B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_091469180_2_09146918
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914F6C00_2_0914F6C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914690A0_2_0914690A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_091498A80_2_091498A8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914BCB80_2_0914BCB8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914BCA70_2_0914BCA7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09149CD10_2_09149CD1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09149CE00_2_09149CE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914C0F00_2_0914C0F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_0914B3880_2_0914B388
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A56B2C0_2_09A56B2C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A58F270_2_09A58F27
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A583920_2_09A58392
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A512200_2_09A51220
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A512110_2_09A51211
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0041021B3_2_0041021B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004012203_2_00401220
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004102233_2_00410223
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004022DE3_2_004022DE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004022E03_2_004022E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00416BCE3_2_00416BCE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00416BD33_2_00416BD3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004104433_2_00410443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0040E4633_2_0040E463
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0040E5B33_2_0040E5B3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0040262C3_2_0040262C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004026303_2_00402630
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00402F503_2_00402F50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0042EF233_2_0042EF23
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E81583_2_014E8158
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014501003_2_01450100
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FA1183_2_014FA118
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015181CC3_2_015181CC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015141A23_2_015141A2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015201AA3_2_015201AA
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F20003_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151A3523_2_0151A352
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015203E63_2_015203E6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E3F03_2_0146E3F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015002743_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E02C03_2_014E02C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014605353_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015205913_2_01520591
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015124463_2_01512446
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015044203_2_01504420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150E4F63_2_0150E4F6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014847503_2_01484750
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014607703_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145C7C03_2_0145C7C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147C6E03_2_0147C6E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014769623_2_01476962
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A03_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0152A9A63_2_0152A9A6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014628403_2_01462840
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146A8403_2_0146A840
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E8F03_2_0148E8F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014468B83_2_014468B8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151AB403_2_0151AB40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01516BD73_2_01516BD7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA803_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146AD003_2_0146AD00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FCD1F3_2_014FCD1F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145ADE03_2_0145ADE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01478DBF3_2_01478DBF
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460C003_2_01460C00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450CF23_2_01450CF2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500CB53_2_01500CB5
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D4F403_2_014D4F40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01502F303_2_01502F30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A2F283_2_014A2F28
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01480F303_2_01480F30
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01452FC83_2_01452FC8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146CFE03_2_0146CFE0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DEFA03_2_014DEFA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460E593_2_01460E59
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151EE263_2_0151EE26
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151EEDB3_2_0151EEDB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151CE933_2_0151CE93
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472E903_2_01472E90
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149516C3_2_0149516C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144F1723_2_0144F172
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0152B16B3_2_0152B16B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146B1B03_2_0146B1B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014670C03_2_014670C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150F0CC3_2_0150F0CC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151F0E03_2_0151F0E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015170E93_2_015170E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144D34C3_2_0144D34C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151132D3_2_0151132D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A739A3_2_014A739A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147B2C03_2_0147B2C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015012ED3_2_015012ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014652A03_2_014652A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015175713_2_01517571
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015295C33_2_015295C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FD5B03_2_014FD5B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014514603_2_01451460
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151F43F3_2_0151F43F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151F7B03_2_0151F7B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A56303_2_014A5630
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015116CC3_2_015116CC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014699503_2_01469950
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147B9503_2_0147B950
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F59103_2_014F5910
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CD8003_2_014CD800
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014638E03_2_014638E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151FB763_2_0151FB76
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149DBF93_2_0149DBF9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D5BF03_2_014D5BF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147FB803_2_0147FB80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01517A463_2_01517A46
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151FA493_2_0151FA49
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D3A6C3_2_014D3A6C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150DAC63_2_0150DAC6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FDAAC3_2_014FDAAC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A5AA03_2_014A5AA0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01501AA33_2_01501AA3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01463D403_2_01463D40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01511D5A3_2_01511D5A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01517D733_2_01517D73
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147FDC03_2_0147FDC0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D9C323_2_014D9C32
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151FCF23_2_0151FCF2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151FF093_2_0151FF09
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01423FD23_2_01423FD2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01423FD53_2_01423FD5
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01461F923_2_01461F92
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151FFB13_2_0151FFB1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01469EB03_2_01469EB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: String function: 0144B970 appears 280 times
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: String function: 014DF290 appears 105 times
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: String function: 01495130 appears 58 times
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: String function: 014CEA12 appears 86 times
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: String function: 014A7E54 appears 111 times
            Source: WF2DL1l7E8.exe, 00000000.00000002.1344957546.00000000074D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000000.00000002.1335035397.000000000077E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000000.00000002.1347414721.0000000009450000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000000.00000000.1303980777.000000000030C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOtgUS.exeL vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000000.00000002.1336966771.0000000003DF9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000000.00000002.1335791442.000000000264C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exe, 00000003.00000002.1872945700.000000000154D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exeBinary or memory string: OriginalFilenameOtgUS.exeL vs WF2DL1l7E8.exe
            Source: WF2DL1l7E8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: WF2DL1l7E8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal76.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WF2DL1l7E8.exe.logJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMutant created: NULL
            Source: WF2DL1l7E8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: WF2DL1l7E8.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: WF2DL1l7E8.exeReversingLabs: Detection: 71%
            Source: unknownProcess created: C:\Users\user\Desktop\WF2DL1l7E8.exe "C:\Users\user\Desktop\WF2DL1l7E8.exe"
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess created: C:\Users\user\Desktop\WF2DL1l7E8.exe "C:\Users\user\Desktop\WF2DL1l7E8.exe"
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess created: C:\Users\user\Desktop\WF2DL1l7E8.exe "C:\Users\user\Desktop\WF2DL1l7E8.exe"Jump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeSection loaded: iconcodecservice.dllJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: WF2DL1l7E8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: WF2DL1l7E8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: WF2DL1l7E8.exe, 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: WF2DL1l7E8.exe, WF2DL1l7E8.exe, 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_04A728F6 pushfd ; ret 0_2_04A728F8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09145A68 push esp; ret 0_2_09145A69
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09146592 push eax; retf 0_2_09146599
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A54080 push es; retn 0004h0_2_09A54090
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A52720 push es; ret 0_2_09A52736
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A526E0 push es; ret 0_2_09A526F6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A526C0 push es; ret 0_2_09A526D6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 0_2_09A52649 push es; ret 0_2_09A526D6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004031D0 push eax; ret 3_2_004031D2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_004169E7 push 0F6CFD2Bh; ret 3_2_00416A18
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00423A0A push esp; ret 3_2_00423A0D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00419359 push ds; ret 3_2_0041935B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00408325 push dword ptr [ebx+5Dh]; ret 3_2_0040830B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00417388 push edi; ret 3_2_0041738D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00419477 push edx; ret 3_2_00419485
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00408403 push 00000074h; iretd 3_2_0040840B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00417411 push eax; ret 3_2_00417414
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00411D6F push ds; iretd 3_2_00411DBD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00411D7B push ds; iretd 3_2_00411DBD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0041758A push ebp; ret 3_2_004175A6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0040D66A push ecx; iretd 3_2_0040D6D9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00414E05 push cs; retf 3_2_00414E14
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0040860D push cs; retf 3_2_0040860E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00413E93 pushfd ; ret 3_2_00413F00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00413EBC pushfd ; ret 3_2_00413F00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0142225F pushad ; ret 3_2_014227F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014227FA pushad ; ret 3_2_014227F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014509AD push ecx; mov dword ptr [esp], ecx3_2_014509B6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0142283D push eax; iretd 3_2_01422858
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0142135E push eax; iretd 3_2_01421369
            Source: WF2DL1l7E8.exeStatic PE information: section name: .text entropy: 7.738271138377228
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: WF2DL1l7E8.exe PID: 7420, type: MEMORYSTR
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 2540000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 25F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 2540000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 4BE0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 5BE0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 5D10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 6D10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: 9A60000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: AA60000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: AEF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: BEF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149096E rdtsc 3_2_0149096E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeAPI coverage: 0.6 %
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exe TID: 7440Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exe TID: 7628Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149096E rdtsc 3_2_0149096E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_00417B63 LdrLoadDll,3_2_00417B63
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E4144 mov eax, dword ptr fs:[00000030h]3_2_014E4144
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E4144 mov eax, dword ptr fs:[00000030h]3_2_014E4144
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E4144 mov ecx, dword ptr fs:[00000030h]3_2_014E4144
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E4144 mov eax, dword ptr fs:[00000030h]3_2_014E4144
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E4144 mov eax, dword ptr fs:[00000030h]3_2_014E4144
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456154 mov eax, dword ptr fs:[00000030h]3_2_01456154
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456154 mov eax, dword ptr fs:[00000030h]3_2_01456154
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144C156 mov eax, dword ptr fs:[00000030h]3_2_0144C156
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E8158 mov eax, dword ptr fs:[00000030h]3_2_014E8158
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524164 mov eax, dword ptr fs:[00000030h]3_2_01524164
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524164 mov eax, dword ptr fs:[00000030h]3_2_01524164
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov ecx, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov ecx, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov ecx, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov eax, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE10E mov ecx, dword ptr fs:[00000030h]3_2_014FE10E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01510115 mov eax, dword ptr fs:[00000030h]3_2_01510115
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FA118 mov ecx, dword ptr fs:[00000030h]3_2_014FA118
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FA118 mov eax, dword ptr fs:[00000030h]3_2_014FA118
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FA118 mov eax, dword ptr fs:[00000030h]3_2_014FA118
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FA118 mov eax, dword ptr fs:[00000030h]3_2_014FA118
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01480124 mov eax, dword ptr fs:[00000030h]3_2_01480124
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015161C3 mov eax, dword ptr fs:[00000030h]3_2_015161C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015161C3 mov eax, dword ptr fs:[00000030h]3_2_015161C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE1D0 mov eax, dword ptr fs:[00000030h]3_2_014CE1D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE1D0 mov eax, dword ptr fs:[00000030h]3_2_014CE1D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE1D0 mov ecx, dword ptr fs:[00000030h]3_2_014CE1D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE1D0 mov eax, dword ptr fs:[00000030h]3_2_014CE1D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE1D0 mov eax, dword ptr fs:[00000030h]3_2_014CE1D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014801F8 mov eax, dword ptr fs:[00000030h]3_2_014801F8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015261E5 mov eax, dword ptr fs:[00000030h]3_2_015261E5
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01490185 mov eax, dword ptr fs:[00000030h]3_2_01490185
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F4180 mov eax, dword ptr fs:[00000030h]3_2_014F4180
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F4180 mov eax, dword ptr fs:[00000030h]3_2_014F4180
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D019F mov eax, dword ptr fs:[00000030h]3_2_014D019F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D019F mov eax, dword ptr fs:[00000030h]3_2_014D019F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D019F mov eax, dword ptr fs:[00000030h]3_2_014D019F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D019F mov eax, dword ptr fs:[00000030h]3_2_014D019F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A197 mov eax, dword ptr fs:[00000030h]3_2_0144A197
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A197 mov eax, dword ptr fs:[00000030h]3_2_0144A197
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A197 mov eax, dword ptr fs:[00000030h]3_2_0144A197
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150C188 mov eax, dword ptr fs:[00000030h]3_2_0150C188
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150C188 mov eax, dword ptr fs:[00000030h]3_2_0150C188
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01452050 mov eax, dword ptr fs:[00000030h]3_2_01452050
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6050 mov eax, dword ptr fs:[00000030h]3_2_014D6050
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147C073 mov eax, dword ptr fs:[00000030h]3_2_0147C073
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D4000 mov ecx, dword ptr fs:[00000030h]3_2_014D4000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F2000 mov eax, dword ptr fs:[00000030h]3_2_014F2000
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E016 mov eax, dword ptr fs:[00000030h]3_2_0146E016
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E016 mov eax, dword ptr fs:[00000030h]3_2_0146E016
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E016 mov eax, dword ptr fs:[00000030h]3_2_0146E016
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E016 mov eax, dword ptr fs:[00000030h]3_2_0146E016
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A020 mov eax, dword ptr fs:[00000030h]3_2_0144A020
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144C020 mov eax, dword ptr fs:[00000030h]3_2_0144C020
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6030 mov eax, dword ptr fs:[00000030h]3_2_014E6030
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D20DE mov eax, dword ptr fs:[00000030h]3_2_014D20DE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A0E3 mov ecx, dword ptr fs:[00000030h]3_2_0144A0E3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014580E9 mov eax, dword ptr fs:[00000030h]3_2_014580E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D60E0 mov eax, dword ptr fs:[00000030h]3_2_014D60E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144C0F0 mov eax, dword ptr fs:[00000030h]3_2_0144C0F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014920F0 mov ecx, dword ptr fs:[00000030h]3_2_014920F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145208A mov eax, dword ptr fs:[00000030h]3_2_0145208A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014480A0 mov eax, dword ptr fs:[00000030h]3_2_014480A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E80A8 mov eax, dword ptr fs:[00000030h]3_2_014E80A8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015160B8 mov eax, dword ptr fs:[00000030h]3_2_015160B8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015160B8 mov ecx, dword ptr fs:[00000030h]3_2_015160B8
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151A352 mov eax, dword ptr fs:[00000030h]3_2_0151A352
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D2349 mov eax, dword ptr fs:[00000030h]3_2_014D2349
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov eax, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov eax, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov eax, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov ecx, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov eax, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D035C mov eax, dword ptr fs:[00000030h]3_2_014D035C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0152634F mov eax, dword ptr fs:[00000030h]3_2_0152634F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F8350 mov ecx, dword ptr fs:[00000030h]3_2_014F8350
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F437C mov eax, dword ptr fs:[00000030h]3_2_014F437C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A30B mov eax, dword ptr fs:[00000030h]3_2_0148A30B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A30B mov eax, dword ptr fs:[00000030h]3_2_0148A30B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A30B mov eax, dword ptr fs:[00000030h]3_2_0148A30B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144C310 mov ecx, dword ptr fs:[00000030h]3_2_0144C310
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01470310 mov ecx, dword ptr fs:[00000030h]3_2_01470310
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01528324 mov eax, dword ptr fs:[00000030h]3_2_01528324
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01528324 mov ecx, dword ptr fs:[00000030h]3_2_01528324
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01528324 mov eax, dword ptr fs:[00000030h]3_2_01528324
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01528324 mov eax, dword ptr fs:[00000030h]3_2_01528324
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A3C0 mov eax, dword ptr fs:[00000030h]3_2_0145A3C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014583C0 mov eax, dword ptr fs:[00000030h]3_2_014583C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014583C0 mov eax, dword ptr fs:[00000030h]3_2_014583C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014583C0 mov eax, dword ptr fs:[00000030h]3_2_014583C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014583C0 mov eax, dword ptr fs:[00000030h]3_2_014583C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D63C0 mov eax, dword ptr fs:[00000030h]3_2_014D63C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE3DB mov eax, dword ptr fs:[00000030h]3_2_014FE3DB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE3DB mov eax, dword ptr fs:[00000030h]3_2_014FE3DB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE3DB mov ecx, dword ptr fs:[00000030h]3_2_014FE3DB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FE3DB mov eax, dword ptr fs:[00000030h]3_2_014FE3DB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F43D4 mov eax, dword ptr fs:[00000030h]3_2_014F43D4
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F43D4 mov eax, dword ptr fs:[00000030h]3_2_014F43D4
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150C3CD mov eax, dword ptr fs:[00000030h]3_2_0150C3CD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014603E9 mov eax, dword ptr fs:[00000030h]3_2_014603E9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E3F0 mov eax, dword ptr fs:[00000030h]3_2_0146E3F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E3F0 mov eax, dword ptr fs:[00000030h]3_2_0146E3F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E3F0 mov eax, dword ptr fs:[00000030h]3_2_0146E3F0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014863FF mov eax, dword ptr fs:[00000030h]3_2_014863FF
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147438F mov eax, dword ptr fs:[00000030h]3_2_0147438F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147438F mov eax, dword ptr fs:[00000030h]3_2_0147438F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E388 mov eax, dword ptr fs:[00000030h]3_2_0144E388
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E388 mov eax, dword ptr fs:[00000030h]3_2_0144E388
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E388 mov eax, dword ptr fs:[00000030h]3_2_0144E388
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448397 mov eax, dword ptr fs:[00000030h]3_2_01448397
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448397 mov eax, dword ptr fs:[00000030h]3_2_01448397
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448397 mov eax, dword ptr fs:[00000030h]3_2_01448397
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150A250 mov eax, dword ptr fs:[00000030h]3_2_0150A250
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150A250 mov eax, dword ptr fs:[00000030h]3_2_0150A250
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D8243 mov eax, dword ptr fs:[00000030h]3_2_014D8243
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D8243 mov ecx, dword ptr fs:[00000030h]3_2_014D8243
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0152625D mov eax, dword ptr fs:[00000030h]3_2_0152625D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144A250 mov eax, dword ptr fs:[00000030h]3_2_0144A250
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456259 mov eax, dword ptr fs:[00000030h]3_2_01456259
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01500274 mov eax, dword ptr fs:[00000030h]3_2_01500274
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454260 mov eax, dword ptr fs:[00000030h]3_2_01454260
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454260 mov eax, dword ptr fs:[00000030h]3_2_01454260
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454260 mov eax, dword ptr fs:[00000030h]3_2_01454260
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144826B mov eax, dword ptr fs:[00000030h]3_2_0144826B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144823B mov eax, dword ptr fs:[00000030h]3_2_0144823B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015262D6 mov eax, dword ptr fs:[00000030h]3_2_015262D6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A2C3 mov eax, dword ptr fs:[00000030h]3_2_0145A2C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A2C3 mov eax, dword ptr fs:[00000030h]3_2_0145A2C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A2C3 mov eax, dword ptr fs:[00000030h]3_2_0145A2C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A2C3 mov eax, dword ptr fs:[00000030h]3_2_0145A2C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A2C3 mov eax, dword ptr fs:[00000030h]3_2_0145A2C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014602E1 mov eax, dword ptr fs:[00000030h]3_2_014602E1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014602E1 mov eax, dword ptr fs:[00000030h]3_2_014602E1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014602E1 mov eax, dword ptr fs:[00000030h]3_2_014602E1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E284 mov eax, dword ptr fs:[00000030h]3_2_0148E284
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E284 mov eax, dword ptr fs:[00000030h]3_2_0148E284
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D0283 mov eax, dword ptr fs:[00000030h]3_2_014D0283
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D0283 mov eax, dword ptr fs:[00000030h]3_2_014D0283
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D0283 mov eax, dword ptr fs:[00000030h]3_2_014D0283
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014602A0 mov eax, dword ptr fs:[00000030h]3_2_014602A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014602A0 mov eax, dword ptr fs:[00000030h]3_2_014602A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov eax, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov ecx, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov eax, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov eax, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov eax, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E62A0 mov eax, dword ptr fs:[00000030h]3_2_014E62A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458550 mov eax, dword ptr fs:[00000030h]3_2_01458550
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458550 mov eax, dword ptr fs:[00000030h]3_2_01458550
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148656A mov eax, dword ptr fs:[00000030h]3_2_0148656A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148656A mov eax, dword ptr fs:[00000030h]3_2_0148656A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148656A mov eax, dword ptr fs:[00000030h]3_2_0148656A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6500 mov eax, dword ptr fs:[00000030h]3_2_014E6500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524500 mov eax, dword ptr fs:[00000030h]3_2_01524500
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460535 mov eax, dword ptr fs:[00000030h]3_2_01460535
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E53E mov eax, dword ptr fs:[00000030h]3_2_0147E53E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E53E mov eax, dword ptr fs:[00000030h]3_2_0147E53E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E53E mov eax, dword ptr fs:[00000030h]3_2_0147E53E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E53E mov eax, dword ptr fs:[00000030h]3_2_0147E53E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E53E mov eax, dword ptr fs:[00000030h]3_2_0147E53E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E5CF mov eax, dword ptr fs:[00000030h]3_2_0148E5CF
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E5CF mov eax, dword ptr fs:[00000030h]3_2_0148E5CF
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014565D0 mov eax, dword ptr fs:[00000030h]3_2_014565D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A5D0 mov eax, dword ptr fs:[00000030h]3_2_0148A5D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A5D0 mov eax, dword ptr fs:[00000030h]3_2_0148A5D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E5E7 mov eax, dword ptr fs:[00000030h]3_2_0147E5E7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014525E0 mov eax, dword ptr fs:[00000030h]3_2_014525E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C5ED mov eax, dword ptr fs:[00000030h]3_2_0148C5ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C5ED mov eax, dword ptr fs:[00000030h]3_2_0148C5ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01484588 mov eax, dword ptr fs:[00000030h]3_2_01484588
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01452582 mov eax, dword ptr fs:[00000030h]3_2_01452582
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01452582 mov ecx, dword ptr fs:[00000030h]3_2_01452582
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E59C mov eax, dword ptr fs:[00000030h]3_2_0148E59C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D05A7 mov eax, dword ptr fs:[00000030h]3_2_014D05A7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D05A7 mov eax, dword ptr fs:[00000030h]3_2_014D05A7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D05A7 mov eax, dword ptr fs:[00000030h]3_2_014D05A7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014745B1 mov eax, dword ptr fs:[00000030h]3_2_014745B1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014745B1 mov eax, dword ptr fs:[00000030h]3_2_014745B1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150A456 mov eax, dword ptr fs:[00000030h]3_2_0150A456
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148E443 mov eax, dword ptr fs:[00000030h]3_2_0148E443
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144645D mov eax, dword ptr fs:[00000030h]3_2_0144645D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147245A mov eax, dword ptr fs:[00000030h]3_2_0147245A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DC460 mov ecx, dword ptr fs:[00000030h]3_2_014DC460
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147A470 mov eax, dword ptr fs:[00000030h]3_2_0147A470
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147A470 mov eax, dword ptr fs:[00000030h]3_2_0147A470
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147A470 mov eax, dword ptr fs:[00000030h]3_2_0147A470
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01488402 mov eax, dword ptr fs:[00000030h]3_2_01488402
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01488402 mov eax, dword ptr fs:[00000030h]3_2_01488402
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01488402 mov eax, dword ptr fs:[00000030h]3_2_01488402
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144C427 mov eax, dword ptr fs:[00000030h]3_2_0144C427
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E420 mov eax, dword ptr fs:[00000030h]3_2_0144E420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E420 mov eax, dword ptr fs:[00000030h]3_2_0144E420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144E420 mov eax, dword ptr fs:[00000030h]3_2_0144E420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D6420 mov eax, dword ptr fs:[00000030h]3_2_014D6420
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A430 mov eax, dword ptr fs:[00000030h]3_2_0148A430
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014504E5 mov ecx, dword ptr fs:[00000030h]3_2_014504E5
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0150A49A mov eax, dword ptr fs:[00000030h]3_2_0150A49A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014564AB mov eax, dword ptr fs:[00000030h]3_2_014564AB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014844B0 mov ecx, dword ptr fs:[00000030h]3_2_014844B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DA4B0 mov eax, dword ptr fs:[00000030h]3_2_014DA4B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148674D mov esi, dword ptr fs:[00000030h]3_2_0148674D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148674D mov eax, dword ptr fs:[00000030h]3_2_0148674D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148674D mov eax, dword ptr fs:[00000030h]3_2_0148674D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DE75D mov eax, dword ptr fs:[00000030h]3_2_014DE75D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450750 mov eax, dword ptr fs:[00000030h]3_2_01450750
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D4755 mov eax, dword ptr fs:[00000030h]3_2_014D4755
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492750 mov eax, dword ptr fs:[00000030h]3_2_01492750
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492750 mov eax, dword ptr fs:[00000030h]3_2_01492750
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458770 mov eax, dword ptr fs:[00000030h]3_2_01458770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460770 mov eax, dword ptr fs:[00000030h]3_2_01460770
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C700 mov eax, dword ptr fs:[00000030h]3_2_0148C700
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450710 mov eax, dword ptr fs:[00000030h]3_2_01450710
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01480710 mov eax, dword ptr fs:[00000030h]3_2_01480710
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C720 mov eax, dword ptr fs:[00000030h]3_2_0148C720
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C720 mov eax, dword ptr fs:[00000030h]3_2_0148C720
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148273C mov eax, dword ptr fs:[00000030h]3_2_0148273C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148273C mov ecx, dword ptr fs:[00000030h]3_2_0148273C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148273C mov eax, dword ptr fs:[00000030h]3_2_0148273C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CC730 mov eax, dword ptr fs:[00000030h]3_2_014CC730
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145C7C0 mov eax, dword ptr fs:[00000030h]3_2_0145C7C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D07C3 mov eax, dword ptr fs:[00000030h]3_2_014D07C3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014727ED mov eax, dword ptr fs:[00000030h]3_2_014727ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014727ED mov eax, dword ptr fs:[00000030h]3_2_014727ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014727ED mov eax, dword ptr fs:[00000030h]3_2_014727ED
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DE7E1 mov eax, dword ptr fs:[00000030h]3_2_014DE7E1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014547FB mov eax, dword ptr fs:[00000030h]3_2_014547FB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014547FB mov eax, dword ptr fs:[00000030h]3_2_014547FB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F678E mov eax, dword ptr fs:[00000030h]3_2_014F678E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014507AF mov eax, dword ptr fs:[00000030h]3_2_014507AF
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015047A0 mov eax, dword ptr fs:[00000030h]3_2_015047A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146C640 mov eax, dword ptr fs:[00000030h]3_2_0146C640
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A660 mov eax, dword ptr fs:[00000030h]3_2_0148A660
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A660 mov eax, dword ptr fs:[00000030h]3_2_0148A660
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01482674 mov eax, dword ptr fs:[00000030h]3_2_01482674
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151866E mov eax, dword ptr fs:[00000030h]3_2_0151866E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151866E mov eax, dword ptr fs:[00000030h]3_2_0151866E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE609 mov eax, dword ptr fs:[00000030h]3_2_014CE609
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01492619 mov eax, dword ptr fs:[00000030h]3_2_01492619
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0146E627 mov eax, dword ptr fs:[00000030h]3_2_0146E627
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01486620 mov eax, dword ptr fs:[00000030h]3_2_01486620
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01488620 mov eax, dword ptr fs:[00000030h]3_2_01488620
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145262C mov eax, dword ptr fs:[00000030h]3_2_0145262C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0148A6C7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A6C7 mov eax, dword ptr fs:[00000030h]3_2_0148A6C7
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D06F1 mov eax, dword ptr fs:[00000030h]3_2_014D06F1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D06F1 mov eax, dword ptr fs:[00000030h]3_2_014D06F1
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE6F2 mov eax, dword ptr fs:[00000030h]3_2_014CE6F2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE6F2 mov eax, dword ptr fs:[00000030h]3_2_014CE6F2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE6F2 mov eax, dword ptr fs:[00000030h]3_2_014CE6F2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE6F2 mov eax, dword ptr fs:[00000030h]3_2_014CE6F2
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454690 mov eax, dword ptr fs:[00000030h]3_2_01454690
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454690 mov eax, dword ptr fs:[00000030h]3_2_01454690
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C6A6 mov eax, dword ptr fs:[00000030h]3_2_0148C6A6
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014866B0 mov eax, dword ptr fs:[00000030h]3_2_014866B0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D0946 mov eax, dword ptr fs:[00000030h]3_2_014D0946
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524940 mov eax, dword ptr fs:[00000030h]3_2_01524940
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01476962 mov eax, dword ptr fs:[00000030h]3_2_01476962
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01476962 mov eax, dword ptr fs:[00000030h]3_2_01476962
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01476962 mov eax, dword ptr fs:[00000030h]3_2_01476962
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149096E mov eax, dword ptr fs:[00000030h]3_2_0149096E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149096E mov edx, dword ptr fs:[00000030h]3_2_0149096E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0149096E mov eax, dword ptr fs:[00000030h]3_2_0149096E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DC97C mov eax, dword ptr fs:[00000030h]3_2_014DC97C
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F4978 mov eax, dword ptr fs:[00000030h]3_2_014F4978
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F4978 mov eax, dword ptr fs:[00000030h]3_2_014F4978
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE908 mov eax, dword ptr fs:[00000030h]3_2_014CE908
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CE908 mov eax, dword ptr fs:[00000030h]3_2_014CE908
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448918 mov eax, dword ptr fs:[00000030h]3_2_01448918
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448918 mov eax, dword ptr fs:[00000030h]3_2_01448918
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DC912 mov eax, dword ptr fs:[00000030h]3_2_014DC912
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E892B mov eax, dword ptr fs:[00000030h]3_2_014E892B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D892A mov eax, dword ptr fs:[00000030h]3_2_014D892A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151A9D3 mov eax, dword ptr fs:[00000030h]3_2_0151A9D3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E69C0 mov eax, dword ptr fs:[00000030h]3_2_014E69C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145A9D0 mov eax, dword ptr fs:[00000030h]3_2_0145A9D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014849D0 mov eax, dword ptr fs:[00000030h]3_2_014849D0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DE9E0 mov eax, dword ptr fs:[00000030h]3_2_014DE9E0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014829F9 mov eax, dword ptr fs:[00000030h]3_2_014829F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014829F9 mov eax, dword ptr fs:[00000030h]3_2_014829F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014629A0 mov eax, dword ptr fs:[00000030h]3_2_014629A0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014509AD mov eax, dword ptr fs:[00000030h]3_2_014509AD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014509AD mov eax, dword ptr fs:[00000030h]3_2_014509AD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D89B3 mov esi, dword ptr fs:[00000030h]3_2_014D89B3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D89B3 mov eax, dword ptr fs:[00000030h]3_2_014D89B3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014D89B3 mov eax, dword ptr fs:[00000030h]3_2_014D89B3
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01462840 mov ecx, dword ptr fs:[00000030h]3_2_01462840
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454859 mov eax, dword ptr fs:[00000030h]3_2_01454859
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01454859 mov eax, dword ptr fs:[00000030h]3_2_01454859
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01480854 mov eax, dword ptr fs:[00000030h]3_2_01480854
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6870 mov eax, dword ptr fs:[00000030h]3_2_014E6870
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6870 mov eax, dword ptr fs:[00000030h]3_2_014E6870
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DE872 mov eax, dword ptr fs:[00000030h]3_2_014DE872
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DE872 mov eax, dword ptr fs:[00000030h]3_2_014DE872
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DC810 mov eax, dword ptr fs:[00000030h]3_2_014DC810
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov eax, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov eax, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov eax, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov ecx, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov eax, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01472835 mov eax, dword ptr fs:[00000030h]3_2_01472835
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F483A mov eax, dword ptr fs:[00000030h]3_2_014F483A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F483A mov eax, dword ptr fs:[00000030h]3_2_014F483A
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148A830 mov eax, dword ptr fs:[00000030h]3_2_0148A830
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147E8C0 mov eax, dword ptr fs:[00000030h]3_2_0147E8C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_015208C0 mov eax, dword ptr fs:[00000030h]3_2_015208C0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C8F9 mov eax, dword ptr fs:[00000030h]3_2_0148C8F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148C8F9 mov eax, dword ptr fs:[00000030h]3_2_0148C8F9
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151A8E4 mov eax, dword ptr fs:[00000030h]3_2_0151A8E4
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450887 mov eax, dword ptr fs:[00000030h]3_2_01450887
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DC89D mov eax, dword ptr fs:[00000030h]3_2_014DC89D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01522B57 mov eax, dword ptr fs:[00000030h]3_2_01522B57
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01522B57 mov eax, dword ptr fs:[00000030h]3_2_01522B57
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01522B57 mov eax, dword ptr fs:[00000030h]3_2_01522B57
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01522B57 mov eax, dword ptr fs:[00000030h]3_2_01522B57
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014F8B42 mov eax, dword ptr fs:[00000030h]3_2_014F8B42
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6B40 mov eax, dword ptr fs:[00000030h]3_2_014E6B40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014E6B40 mov eax, dword ptr fs:[00000030h]3_2_014E6B40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0151AB40 mov eax, dword ptr fs:[00000030h]3_2_0151AB40
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01448B50 mov eax, dword ptr fs:[00000030h]3_2_01448B50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01504B4B mov eax, dword ptr fs:[00000030h]3_2_01504B4B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01504B4B mov eax, dword ptr fs:[00000030h]3_2_01504B4B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FEB50 mov eax, dword ptr fs:[00000030h]3_2_014FEB50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0144CB7E mov eax, dword ptr fs:[00000030h]3_2_0144CB7E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CEB1D mov eax, dword ptr fs:[00000030h]3_2_014CEB1D
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524B00 mov eax, dword ptr fs:[00000030h]3_2_01524B00
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147EB20 mov eax, dword ptr fs:[00000030h]3_2_0147EB20
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147EB20 mov eax, dword ptr fs:[00000030h]3_2_0147EB20
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01518B28 mov eax, dword ptr fs:[00000030h]3_2_01518B28
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01518B28 mov eax, dword ptr fs:[00000030h]3_2_01518B28
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450BCD mov eax, dword ptr fs:[00000030h]3_2_01450BCD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450BCD mov eax, dword ptr fs:[00000030h]3_2_01450BCD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450BCD mov eax, dword ptr fs:[00000030h]3_2_01450BCD
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01470BCB mov eax, dword ptr fs:[00000030h]3_2_01470BCB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01470BCB mov eax, dword ptr fs:[00000030h]3_2_01470BCB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01470BCB mov eax, dword ptr fs:[00000030h]3_2_01470BCB
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FEBD0 mov eax, dword ptr fs:[00000030h]3_2_014FEBD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458BF0 mov eax, dword ptr fs:[00000030h]3_2_01458BF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458BF0 mov eax, dword ptr fs:[00000030h]3_2_01458BF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01458BF0 mov eax, dword ptr fs:[00000030h]3_2_01458BF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147EBFC mov eax, dword ptr fs:[00000030h]3_2_0147EBFC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DCBF0 mov eax, dword ptr fs:[00000030h]3_2_014DCBF0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01504BB0 mov eax, dword ptr fs:[00000030h]3_2_01504BB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01504BB0 mov eax, dword ptr fs:[00000030h]3_2_01504BB0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460BBE mov eax, dword ptr fs:[00000030h]3_2_01460BBE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460BBE mov eax, dword ptr fs:[00000030h]3_2_01460BBE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01456A50 mov eax, dword ptr fs:[00000030h]3_2_01456A50
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460A5B mov eax, dword ptr fs:[00000030h]3_2_01460A5B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01460A5B mov eax, dword ptr fs:[00000030h]3_2_01460A5B
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148CA6F mov eax, dword ptr fs:[00000030h]3_2_0148CA6F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148CA6F mov eax, dword ptr fs:[00000030h]3_2_0148CA6F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148CA6F mov eax, dword ptr fs:[00000030h]3_2_0148CA6F
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014FEA60 mov eax, dword ptr fs:[00000030h]3_2_014FEA60
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CCA72 mov eax, dword ptr fs:[00000030h]3_2_014CCA72
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014CCA72 mov eax, dword ptr fs:[00000030h]3_2_014CCA72
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014DCA11 mov eax, dword ptr fs:[00000030h]3_2_014DCA11
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0147EA2E mov eax, dword ptr fs:[00000030h]3_2_0147EA2E
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148CA24 mov eax, dword ptr fs:[00000030h]3_2_0148CA24
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148CA38 mov eax, dword ptr fs:[00000030h]3_2_0148CA38
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01474A35 mov eax, dword ptr fs:[00000030h]3_2_01474A35
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01474A35 mov eax, dword ptr fs:[00000030h]3_2_01474A35
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A6ACC mov eax, dword ptr fs:[00000030h]3_2_014A6ACC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A6ACC mov eax, dword ptr fs:[00000030h]3_2_014A6ACC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_014A6ACC mov eax, dword ptr fs:[00000030h]3_2_014A6ACC
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01450AD0 mov eax, dword ptr fs:[00000030h]3_2_01450AD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01484AD0 mov eax, dword ptr fs:[00000030h]3_2_01484AD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01484AD0 mov eax, dword ptr fs:[00000030h]3_2_01484AD0
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148AAEE mov eax, dword ptr fs:[00000030h]3_2_0148AAEE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0148AAEE mov eax, dword ptr fs:[00000030h]3_2_0148AAEE
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_0145EA80 mov eax, dword ptr fs:[00000030h]3_2_0145EA80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeCode function: 3_2_01524A80 mov eax, dword ptr fs:[00000030h]3_2_01524A80
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeMemory written: C:\Users\user\Desktop\WF2DL1l7E8.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeProcess created: C:\Users\user\Desktop\WF2DL1l7E8.exe "C:\Users\user\Desktop\WF2DL1l7E8.exe"Jump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Users\user\Desktop\WF2DL1l7E8.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WF2DL1l7E8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.WF2DL1l7E8.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            WF2DL1l7E8.exe71%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
            WF2DL1l7E8.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            s-part-0017.t-0009.t-msedge.net
            		13.107.246.45
            		truefalse
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.elderscrolls.com/skyrim/characterWF2DL1l7E8.exefalse
                		high
                http://www.elderscrolls.com/skyrim/characterTWF2DL1l7E8.exefalse
                  		high
                  http://www.elderscrolls.com/skyrim/playerWF2DL1l7E8.exe, 00000000.00000002.1335791442.00000000025FA000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high

                    World Map of Contacted IPs

                    No contacted IP infos

                    General Information

                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1587666
                    Start date and time:2025-01-10 16:33:02 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 56s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:WF2DL1l7E8.exe
                    renamed because original name is a hash value
                    Original Sample Name:f6a7681d3c21527e2412d75e5a16907bedea96a7d32eb3b3f163fad5ec348b4c.exe
                    Detection:MAL
                    Classification:mal76.troj.evad.winEXE@3/1@0/0
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 93%
                    • Number of executed functions: 46
                    • Number of non-executed functions: 283
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 52.149.20.212
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • VT rate limit hit for: WF2DL1l7E8.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    10:33:58API Interceptor4x Sleep call for process: WF2DL1l7E8.exe modified

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    s-part-0017.t-0009.t-msedge.netPlay_VM-NowTingrammAudiowav011.htmlGet hashmaliciousUnknownBrowse
                    • 13.107.246.45
                    launcher.exe.bin.exeGet hashmaliciousPureLog Stealer, Xmrig, zgRATBrowse
                    • 13.107.246.45
                    FGTFTj8GLM.exeGet hashmaliciousFormBookBrowse
                    • 13.107.246.45
                    30562134305434372.jsGet hashmaliciousStrela DownloaderBrowse
                    • 13.107.246.45
                    Mmm7GmDcR4.exeGet hashmaliciousLummaCBrowse
                    • 13.107.246.45
                    https://na4.docusign.net/Signing/EmailStart.aspx?a=ffa78034-d960-4bb3-b2a2-bb62a1fc4a65&etti=24&acct=86dab687-685e-40aa-af52-e5c3fc07b508&er=04714c6d-cc25-4a21-be91-01e1c43a5f3fGet hashmaliciousHTMLPhisherBrowse
                    • 13.107.246.45
                    hCkkM0lH0P.exeGet hashmaliciousAgentTeslaBrowse
                    • 13.107.246.45
                    RSLMZxqebl.exeGet hashmaliciousFormBookBrowse
                    • 13.107.246.45
                    nRNzqQOQwk.exeGet hashmaliciousGuLoaderBrowse
                    • 13.107.246.45
                    PO-0005082025 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                    • 13.107.246.45

                    ASNs

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WF2DL1l7E8.exe.log

                    Download File
                    Process:C:\Users\user\Desktop\WF2DL1l7E8.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1216
                    Entropy (8bit):5.34331486778365
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.7332908562763425
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:WF2DL1l7E8.exe
                    File size:831'488 bytes
                    MD5:b72c51b48fe564524bb03fd2fe0e2747
                    SHA1:353f023689392d3ba12d89571296ed0642570848
                    SHA256:f6a7681d3c21527e2412d75e5a16907bedea96a7d32eb3b3f163fad5ec348b4c
                    SHA512:bd766fcafba708a3b346c350a5533f63d5a2f892e0d94ccda954bf0aba9e8f5b817e333c3da94f038faf37bc1ec1d6bb35bb21a48dc3c43da78cbb8f1b1674e8
                    SSDEEP:12288:lXtjSkwzjeeOCdsrtWP1fM5Vmi+Rh/h8WEvHtq2DJn209TZWoIvC5IBBhiplmx:arzyD5WaCi+RVhhWNVlTZo
                    TLSH:D005E19C7610F54FC943CE358EA4FC74A6646CAA930BD30399D72DEFB91D94A8E041E2
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k.Qg..............0.................. ........@.. ....................................@................................

                    File Icon

                    Icon Hash:0697f0b9b0b1d827

                    Static PE Info

                    General

                    Entrypoint:0x4caece
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x6751196B [Thu Dec 5 03:09:31 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0xcae740x57.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xcc0000x1bb0.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xce0000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000xc8ed40xc9000d453ed4905996117186d431c978476e9False0.8876406541511194data7.738271138377228IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0xcc0000x1bb00x1c000e3870d02f8300337e2a1d468ba69ffdFalse0.8685825892857143data7.378511488083375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0xce0000xc0x200ef8b83c50b3e3580ad70859cdee22a13False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_ICON0xcc0e80x174ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9639624539054643
                    RT_GROUP_ICON0xcd8380x14data1.05
                    RT_VERSION0xcd84c0x360data0.4236111111111111

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Jan 10, 2025 16:33:56.668545961 CET1.1.1.1192.168.2.110x84aeNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                    Jan 10, 2025 16:33:56.668545961 CET1.1.1.1192.168.2.110x84aeNo error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:10:33:58
                    Start date:10/01/2025
                    Path:C:\Users\user\Desktop\WF2DL1l7E8.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\WF2DL1l7E8.exe"
                    Imagebase:0x240000
                    File size:831'488 bytes
                    MD5 hash:B72C51B48FE564524BB03FD2FE0E2747
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:3
                    Start time:10:34:01
                    Start date:10/01/2025
                    Path:C:\Users\user\Desktop\WF2DL1l7E8.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\WF2DL1l7E8.exe"
                    Imagebase:0x950000
                    File size:831'488 bytes
                    MD5 hash:B72C51B48FE564524BB03FD2FE0E2747
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1872786203.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:10.9%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:19.8%
                      Total number of Nodes:81
                      Total number of Limit Nodes:3
                      execution_graph 31410 9a5ad31 CloseHandle 31411 9a5ad9f 31410->31411 31412 914c600 31413 914c640 VirtualAllocEx 31412->31413 31415 914c67d 31413->31415 31416 914c6c0 31417 914c708 WriteProcessMemory 31416->31417 31419 914c75f 31417->31419 31431 914c7b0 31432 914c7fb ReadProcessMemory 31431->31432 31434 914c83f 31432->31434 31435 4a7a3c0 31436 4a7a3d0 31435->31436 31439 4a79c9c 31436->31439 31438 4a7a47a 31440 4a79ca7 31439->31440 31443 4a79cbc 31440->31443 31442 4a7a73d 31442->31438 31444 4a79cc7 31443->31444 31447 4a79cec 31444->31447 31446 4a7a81a 31446->31442 31448 4a79cf7 31447->31448 31451 4a79d1c 31448->31451 31450 4a7a91c 31450->31446 31452 4a79d27 31451->31452 31455 4a7d600 31452->31455 31454 4a7d758 31454->31450 31456 4a7d60b 31455->31456 31457 4a7f1da 31456->31457 31459 4a7f238 31456->31459 31457->31454 31460 4a7f27b 31459->31460 31461 4a7f286 KiUserCallbackDispatcher 31460->31461 31462 4a7f2b0 31460->31462 31461->31462 31462->31457 31463 9a58392 31464 9a58340 31463->31464 31472 9a5839a 31463->31472 31465 9a58373 31464->31465 31466 9a5835e 31464->31466 31468 9a56b2c 3 API calls 31465->31468 31475 9a56b2c 31466->31475 31469 9a58382 31468->31469 31471 9a58825 31472->31471 31480 9a59172 31472->31480 31486 9a59170 31472->31486 31477 9a56b37 31475->31477 31476 9a58369 31477->31476 31478 9a59170 2 API calls 31477->31478 31479 9a59172 2 API calls 31477->31479 31478->31476 31479->31476 31481 9a5918a 31480->31481 31492 9a58d5c 31480->31492 31483 9a59197 31481->31483 31484 9a591af CreateIconFromResourceEx 31481->31484 31483->31471 31485 9a5923e 31484->31485 31485->31471 31487 9a58d5c CreateIconFromResourceEx 31486->31487 31488 9a5918a 31487->31488 31489 9a59197 31488->31489 31490 9a591af CreateIconFromResourceEx 31488->31490 31489->31471 31491 9a5923e 31490->31491 31491->31471 31493 9a591c0 CreateIconFromResourceEx 31492->31493 31494 9a5923e 31493->31494 31494->31481 31397 914e898 31398 914e8ad 31397->31398 31402 914bc00 31398->31402 31406 914bc08 31398->31406 31399 914e8c0 31403 914bc08 ResumeThread 31402->31403 31405 914bc79 31403->31405 31405->31399 31407 914bc48 ResumeThread 31406->31407 31409 914bc79 31407->31409 31409->31399 31420 914e908 31421 914ea93 31420->31421 31423 914e92e 31420->31423 31423->31421 31424 914a9a8 31423->31424 31425 914eb88 PostMessageW 31424->31425 31426 914ebf4 31425->31426 31426->31423 31427 914c948 31428 914c9d1 CreateProcessA 31427->31428 31430 914cb93 31428->31430 31495 914c528 31496 914c56d Wow64SetThreadContext 31495->31496 31498 914c5b5 31496->31498

                      Executed Functions

                      Function 09A56B2C Relevance: 6.9, Strings: 5, Instructions: 654COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 263 9a56b2c-9a583c8 266 9a583ce-9a583d3 263->266 267 9a588ab-9a58914 263->267 266->267 268 9a583d9-9a583f6 266->268 274 9a5891b-9a589a3 267->274 273 9a583fc-9a58400 268->273 268->274 276 9a58402-9a5840c call 9a56b3c 273->276 277 9a5840f-9a58413 273->277 318 9a589ae-9a58a2e 274->318 276->277 279 9a58415-9a5841f call 9a56b3c 277->279 280 9a58422-9a58429 277->280 279->280 285 9a58544-9a58549 280->285 286 9a5842f-9a5845f 280->286 289 9a58551-9a58556 285->289 290 9a5854b-9a5854f 285->290 295 9a58465-9a58538 call 9a56b48 * 2 286->295 296 9a58c2e-9a58cae 286->296 293 9a58568-9a58598 call 9a56b54 * 3 289->293 290->289 292 9a58558-9a5855c 290->292 292->296 298 9a58562-9a58565 292->298 293->318 319 9a5859e-9a585a1 293->319 295->285 329 9a5853a 295->329 314 9a58cb7-9a58cd4 296->314 315 9a58cb0-9a58cb6 296->315 298->293 315->314 336 9a58a35-9a58ab7 318->336 319->318 323 9a585a7-9a585a9 319->323 323->318 325 9a585af-9a585e4 323->325 325->336 337 9a585ea-9a585f3 325->337 329->285 344 9a58abf-9a58b41 336->344 339 9a58756-9a5875a 337->339 340 9a585f9-9a58653 call 9a56b54 * 2 call 9a56b64 * 2 337->340 343 9a58760-9a58764 339->343 339->344 382 9a58665 340->382 383 9a58655-9a5865e 340->383 345 9a58b49-9a58b76 343->345 346 9a5876a-9a58770 343->346 344->345 359 9a58b7d-9a58bfd 345->359 349 9a58774-9a587a9 346->349 350 9a58772 346->350 355 9a587b0-9a587b6 349->355 350->355 355->359 360 9a587bc-9a587c4 355->360 415 9a58c04-9a58c26 359->415 365 9a587c6-9a587ca 360->365 366 9a587cb-9a587cd 360->366 365->366 372 9a5882f-9a58835 366->372 373 9a587cf-9a587f3 366->373 377 9a58854-9a58882 372->377 378 9a58837-9a58852 372->378 403 9a587f5-9a587fa 373->403 404 9a587fc-9a58800 373->404 397 9a5888a-9a58896 377->397 378->397 389 9a58669-9a5866b 382->389 388 9a58660-9a58663 383->388 383->389 388->389 395 9a58672-9a58676 389->395 396 9a5866d 389->396 401 9a58684-9a5868a 395->401 402 9a58678-9a5867f 395->402 396->395 397->415 416 9a5889c-9a588a8 397->416 412 9a58694-9a58699 401->412 413 9a5868c-9a58692 401->413 410 9a58721-9a58725 402->410 411 9a5880c-9a5881d 403->411 404->296 408 9a58806-9a58809 404->408 408->411 417 9a58744-9a58750 410->417 418 9a58727-9a58741 410->418 454 9a5881f call 9a59170 411->454 455 9a5881f call 9a59172 411->455 419 9a5869f-9a586a5 412->419 413->419 415->296 417->339 417->340 418->417 423 9a586a7-9a586a9 419->423 424 9a586ab-9a586b0 419->424 429 9a586b2-9a586c4 423->429 424->429 427 9a58825-9a5882d 427->397 434 9a586c6-9a586cc 429->434 435 9a586ce-9a586d3 429->435 437 9a586d9-9a586e0 434->437 435->437 441 9a586e6 437->441 442 9a586e2-9a586e4 437->442 445 9a586eb-9a586f6 441->445 442->445 446 9a586f8-9a586fb 445->446 447 9a5871a 445->447 446->410 449 9a586fd-9a58703 446->449 447->410 450 9a58705-9a58708 449->450 451 9a5870a-9a58713 449->451 450->447 450->451 451->410 453 9a58715-9a58718 451->453 453->410 453->447 454->427 455->427
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Hnq$Hnq$Hnq$Hnq$Hnq
                      • API String ID: 0-1196166627
                      • Opcode ID: e52528bb2edd45eff992beb1369184055dcfa762936ae5bc8916d1388b16ce54
                      • Instruction ID: e6b99093c1fa8cffd88db27043b07ecfe1d83e0d1d53dc1746603bcd28cf4261
                      • Opcode Fuzzy Hash: e52528bb2edd45eff992beb1369184055dcfa762936ae5bc8916d1388b16ce54
                      • Instruction Fuzzy Hash: 82426D70F002188FDB54DFA9C9547AEBBF6AF88700F1485A9D40AAB398DB349D45CF91
                      Function 04A7138F Relevance: 2.7, Strings: 2, Instructions: 241COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 670 4a7138f-4a7141c 671 4a71464-4a714a4 call 4a700e4 670->671 672 4a7141e-4a71443 670->672 679 4a714a7 671->679 674 4a71445 672->674 675 4a7144a-4a71462 672->675 674->675 675->671 680 4a714ae-4a714ca 679->680 681 4a714d3-4a714d4 680->681 682 4a714cc 680->682 685 4a7163e-4a716ae call 4a700f4 681->685 682->679 682->681 683 4a715b3-4a715dd 682->683 684 4a715e2-4a715f4 682->684 682->685 686 4a7153c-4a71564 682->686 687 4a71509-4a71511 call 4a71c59 682->687 688 4a71599-4a715ae 682->688 689 4a714d9-4a71507 682->689 690 4a715f9-4a71639 682->690 691 4a71569-4a7156d 682->691 683->680 684->680 709 4a716b0 call 4a72731 685->709 710 4a716b0 call 4a72860 685->710 711 4a716b0 call 4a7335e 685->711 712 4a716b0 call 4a7336b 685->712 686->680 698 4a71517-4a71537 687->698 688->680 689->680 690->680 692 4a71580-4a71587 691->692 693 4a7156f-4a7157e 691->693 694 4a7158e-4a71594 692->694 693->694 694->680 698->680 707 4a716b6-4a716c0 709->707 710->707 711->707 712->707
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: 549d618fe2a29d7bebb2a4189e75949889d11c5b622f46014a9afd0df5c28d26
                      • Instruction ID: 66408d7413e35732c598c636f29665e4c926853fd9c7955cd50a6f5a7d87f1a0
                      • Opcode Fuzzy Hash: 549d618fe2a29d7bebb2a4189e75949889d11c5b622f46014a9afd0df5c28d26
                      • Instruction Fuzzy Hash: 2EA1F2B0E042498FDB14CFAAC8846DEFBB2FF89314F14806AD415BB359E73469468F55
                      Function 04A71420 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 713 4a71420-4a71443 714 4a71445 713->714 715 4a7144a-4a714a4 call 4a700e4 713->715 714->715 720 4a714a7 715->720 721 4a714ae-4a714ca 720->721 722 4a714d3-4a714d4 721->722 723 4a714cc 721->723 726 4a7163e-4a716ae call 4a700f4 722->726 723->720 723->722 724 4a715b3-4a715dd 723->724 725 4a715e2-4a715f4 723->725 723->726 727 4a7153c-4a71564 723->727 728 4a71509-4a71511 call 4a71c59 723->728 729 4a71599-4a715ae 723->729 730 4a714d9-4a71507 723->730 731 4a715f9-4a71639 723->731 732 4a71569-4a7156d 723->732 724->721 725->721 749 4a716b0 call 4a72731 726->749 750 4a716b0 call 4a72860 726->750 751 4a716b0 call 4a7335e 726->751 752 4a716b0 call 4a7336b 726->752 727->721 739 4a71517-4a71537 728->739 729->721 730->721 731->721 733 4a71580-4a71587 732->733 734 4a7156f-4a7157e 732->734 735 4a7158e-4a71594 733->735 734->735 735->721 739->721 748 4a716b6-4a716c0 749->748 750->748 751->748 752->748
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: c3775b8ee33df5bf89a9287c8ca8a2da5f4d483da11e18ac0348e86fa3940078
                      • Instruction ID: 93f523d1aae3b37f69d697aa6a26c50d2d0f6507cb6d90534592da4ab4c326cb
                      • Opcode Fuzzy Hash: c3775b8ee33df5bf89a9287c8ca8a2da5f4d483da11e18ac0348e86fa3940078
                      • Instruction Fuzzy Hash: 0081CFB4E002098FDB18CFAAD984A9EBBF2BF88310F20842AD515BB354D734A941CF54
                      Function 04A7A3C0 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: JR|
                      • API String ID: 0-184704523
                      • Opcode ID: 163109e980c736839d893356711313007ffb681a249edc2c025fccc1823daa2e
                      • Instruction ID: 5ffdad0e22368e8e8599afeff0ad5e44206c2dd47456851a5bfbe6898228e151
                      • Opcode Fuzzy Hash: 163109e980c736839d893356711313007ffb681a249edc2c025fccc1823daa2e
                      • Instruction Fuzzy Hash: C891B0B4E012189FDB14DFA9D9546EEBBB3FF88310F14806AD519AB364DB306942CF51
                      Function 04A79C6C Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: JR|
                      • API String ID: 0-184704523
                      • Opcode ID: 608d36413fd89d9b8736bfd91e4d59ed7d4f1ece1a2627227bdbad54d28c2634
                      • Instruction ID: 21cc03f1eaf54c55d7873a0d7a1a125b02b3e1ecdda9020046fc57185983e85a
                      • Opcode Fuzzy Hash: 608d36413fd89d9b8736bfd91e4d59ed7d4f1ece1a2627227bdbad54d28c2634
                      • Instruction Fuzzy Hash: D981B0B4E012189FDB54DFA9D9546EEBBB2FF88310F14806AD51AAB364DB306842CF51
                      Function 0914F6C0 Relevance: .6, Instructions: 602COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 35eeadc31c3316bdced5e012cf68516bf711159ecf0943af7827eb64c312e387
                      • Instruction ID: 2d113eed7783eaba6eb0deb694a11c0c32fbab4269544d4b2b463689a73102c3
                      • Opcode Fuzzy Hash: 35eeadc31c3316bdced5e012cf68516bf711159ecf0943af7827eb64c312e387
                      • Instruction Fuzzy Hash: ED329D71B012049FDB29DF69C950BAEB7F6AF89708F248469E105DB3A5CB34ED02CB51
                      Function 09A58392 Relevance: .3, Instructions: 306COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1b5ee54024db497e20d82d50b5c3ae6b723dce59f9dc7df951c4017e71165dde
                      • Instruction ID: 0f4990653cbaa097842bae76c6e10eccdac57ba12c2ee3bf7a6ccb0ef46bfe3a
                      • Opcode Fuzzy Hash: 1b5ee54024db497e20d82d50b5c3ae6b723dce59f9dc7df951c4017e71165dde
                      • Instruction Fuzzy Hash: D6C15A71E00218CFCF14DFA9C98079ABBB2BF84710F14C5AAE84AAB255DB34D985CF51
                      Function 04A71C59 Relevance: .2, Instructions: 179COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f90eaf716093af5553d84162ef74cc9a7f93cb8f0324ee18d4cd27b55e42bf58
                      • Instruction ID: c9d9b070480bdb32f94f66cdf485f2f4ee5b59d96c6afb2e2b0293fbdaa4989a
                      • Opcode Fuzzy Hash: f90eaf716093af5553d84162ef74cc9a7f93cb8f0324ee18d4cd27b55e42bf58
                      • Instruction Fuzzy Hash: 05714C70E052498FCB18CFA9C8906AEFFF2FF89300F14D5AAD405AB255E7785A41CB65
                      Function 04A72731 Relevance: .1, Instructions: 97COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7780836eeab8ede534b25a8fa92c8cdd8506405126f17de49e07e173979e884b
                      • Instruction ID: bca285fda812c758f916a5cc716f149408c47867b6a5a57d7b0ead13da17d7ee
                      • Opcode Fuzzy Hash: 7780836eeab8ede534b25a8fa92c8cdd8506405126f17de49e07e173979e884b
                      • Instruction Fuzzy Hash: 6F41F9B1E012588FDB68CFA6C9806DEFBF6BF89310F14C1AAD409AB254D7305A45CF51
                      Function 04A70871 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 28c350fd786b934b9881a5c008ea03c234b0e6421e93a4bb1bf5a078c68fb38c
                      • Instruction ID: 1a49dfeb4d0a4c9aff76c52d3d40c22a9aa4d34fef30c83515752bb6e0085ffb
                      • Opcode Fuzzy Hash: 28c350fd786b934b9881a5c008ea03c234b0e6421e93a4bb1bf5a078c68fb38c
                      • Instruction Fuzzy Hash: 9721BBB1E046188BEB58CF6BDC4079EFBF7ABC9300F04C5B6D918A6264EB3419568F51
                      Function 0914690A Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6c18e7b4af057c72413f288354d1adfa426158d5110725e09fa5887db99649d
                      • Instruction ID: 40970675b686844cf33e741f20ec1e43136c941b42d5df53f6bab6654a803f41
                      • Opcode Fuzzy Hash: b6c18e7b4af057c72413f288354d1adfa426158d5110725e09fa5887db99649d
                      • Instruction Fuzzy Hash: BD2116B1E042588BEB18CFA7C8143EEBFB6AFC9344F04C06AD409A6264DB740946CF90
                      Function 09146918 Relevance: .1, Instructions: 62COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8e8c0629c6110a4bf0361bafbf9bc328d30a3ff318e37658689ee66ad174b804
                      • Instruction ID: 5d8f54c9dab617e086a2ff2a3f449c94041520ae712eb32b4c3368e0ba0df0b9
                      • Opcode Fuzzy Hash: 8e8c0629c6110a4bf0361bafbf9bc328d30a3ff318e37658689ee66ad174b804
                      • Instruction Fuzzy Hash: 7621E3B1E046588BEB18CFABC9147EEFAF6BFC9344F04C02AD40966264DB7409468F90
                      Function 0914C93C Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 813 914c93c-914c9dd 816 914ca16-914ca36 813->816 817 914c9df-914c9e9 813->817 824 914ca6f-914ca9e 816->824 825 914ca38-914ca42 816->825 817->816 818 914c9eb-914c9ed 817->818 819 914ca10-914ca13 818->819 820 914c9ef-914c9f9 818->820 819->816 822 914c9fd-914ca0c 820->822 823 914c9fb 820->823 822->822 826 914ca0e 822->826 823->822 831 914cad7-914cb91 CreateProcessA 824->831 832 914caa0-914caaa 824->832 825->824 827 914ca44-914ca46 825->827 826->819 829 914ca48-914ca52 827->829 830 914ca69-914ca6c 827->830 833 914ca54 829->833 834 914ca56-914ca65 829->834 830->824 845 914cb93-914cb99 831->845 846 914cb9a-914cc20 831->846 832->831 836 914caac-914caae 832->836 833->834 834->834 835 914ca67 834->835 835->830 837 914cab0-914caba 836->837 838 914cad1-914cad4 836->838 840 914cabc 837->840 841 914cabe-914cacd 837->841 838->831 840->841 841->841 843 914cacf 841->843 843->838 845->846 856 914cc30-914cc34 846->856 857 914cc22-914cc26 846->857 859 914cc44-914cc48 856->859 860 914cc36-914cc3a 856->860 857->856 858 914cc28 857->858 858->856 862 914cc58-914cc5c 859->862 863 914cc4a-914cc4e 859->863 860->859 861 914cc3c 860->861 861->859 864 914cc6e-914cc75 862->864 865 914cc5e-914cc64 862->865 863->862 866 914cc50 863->866 867 914cc77-914cc86 864->867 868 914cc8c 864->868 865->864 866->862 867->868 870 914cc8d 868->870 870->870
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0914CB7E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 58e41f1123e1fecd58f8f4ef811acaa56aadd9783191a1031c426f014e6c92e9
                      • Instruction ID: b1dfff4f5085d9fb1a2fb8353bd10471021812b37175867ef0b82805284dc266
                      • Opcode Fuzzy Hash: 58e41f1123e1fecd58f8f4ef811acaa56aadd9783191a1031c426f014e6c92e9
                      • Instruction Fuzzy Hash: A0A19E71E01219CFEB24CF68C8417DEBBB2BF48318F148169E858A7294DB749985CF91
                      Function 0914C948 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 871 914c948-914c9dd 873 914ca16-914ca36 871->873 874 914c9df-914c9e9 871->874 881 914ca6f-914ca9e 873->881 882 914ca38-914ca42 873->882 874->873 875 914c9eb-914c9ed 874->875 876 914ca10-914ca13 875->876 877 914c9ef-914c9f9 875->877 876->873 879 914c9fd-914ca0c 877->879 880 914c9fb 877->880 879->879 883 914ca0e 879->883 880->879 888 914cad7-914cb91 CreateProcessA 881->888 889 914caa0-914caaa 881->889 882->881 884 914ca44-914ca46 882->884 883->876 886 914ca48-914ca52 884->886 887 914ca69-914ca6c 884->887 890 914ca54 886->890 891 914ca56-914ca65 886->891 887->881 902 914cb93-914cb99 888->902 903 914cb9a-914cc20 888->903 889->888 893 914caac-914caae 889->893 890->891 891->891 892 914ca67 891->892 892->887 894 914cab0-914caba 893->894 895 914cad1-914cad4 893->895 897 914cabc 894->897 898 914cabe-914cacd 894->898 895->888 897->898 898->898 900 914cacf 898->900 900->895 902->903 913 914cc30-914cc34 903->913 914 914cc22-914cc26 903->914 916 914cc44-914cc48 913->916 917 914cc36-914cc3a 913->917 914->913 915 914cc28 914->915 915->913 919 914cc58-914cc5c 916->919 920 914cc4a-914cc4e 916->920 917->916 918 914cc3c 917->918 918->916 921 914cc6e-914cc75 919->921 922 914cc5e-914cc64 919->922 920->919 923 914cc50 920->923 924 914cc77-914cc86 921->924 925 914cc8c 921->925 922->921 923->919 924->925 927 914cc8d 925->927 927->927
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0914CB7E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 8d6e0844185054f233fbaab0050eb55861853fd388c1442c7b9aee06e429cfae
                      • Instruction ID: 79ee2afae6fdbe42d61bad339bc5553fee66c94944f174332da4a7921478f997
                      • Opcode Fuzzy Hash: 8d6e0844185054f233fbaab0050eb55861853fd388c1442c7b9aee06e429cfae
                      • Instruction Fuzzy Hash: D5918E71E01219CFDB20CFA8CC417DEBBB2BF48318F148169E858A7294EB749985CF91
                      Function 09A59170 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 928 9a59170-9a59195 call 9a58d5c 931 9a59197-9a591a7 928->931 932 9a591aa-9a5923c CreateIconFromResourceEx 928->932 935 9a59245-9a59262 932->935 936 9a5923e-9a59244 932->936 936->935
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CreateFromIconResource
                      • String ID:
                      • API String ID: 3668623891-0
                      • Opcode ID: 4e04ecee920fd27b4767aa1a4cad7077c874259f0adf39324c7948690a933d15
                      • Instruction ID: e0ca55d5c253a2967cfe64b76ad3ebfe0ddfedfcd6040944bcee22a0fc36fe47
                      • Opcode Fuzzy Hash: 4e04ecee920fd27b4767aa1a4cad7077c874259f0adf39324c7948690a933d15
                      • Instruction Fuzzy Hash: E33187729043489FCB11CFA9D804AEEBFF8EF49310F14805AE919AB221C3369855CFA1
                      Function 0914C6B9 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 939 914c6b9-914c70e 942 914c710-914c71c 939->942 943 914c71e-914c75d WriteProcessMemory 939->943 942->943 945 914c766-914c796 943->945 946 914c75f-914c765 943->946 946->945
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0914C750
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 7613cb0eada286659f451d9f1b3433af1d46754c598930963ab599d5846a6c5c
                      • Instruction ID: 5eaa48c0089d49ceb39a85bb9738ae5f1173713d97c4ef69419900a9b5a35462
                      • Opcode Fuzzy Hash: 7613cb0eada286659f451d9f1b3433af1d46754c598930963ab599d5846a6c5c
                      • Instruction Fuzzy Hash: F12166719003499FCB10CFAAC881BEEBBF5FF48310F10842AE959A7250C779A944CFA0
                      Function 0914C6C0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 950 914c6c0-914c70e 952 914c710-914c71c 950->952 953 914c71e-914c75d WriteProcessMemory 950->953 952->953 955 914c766-914c796 953->955 956 914c75f-914c765 953->956 956->955
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0914C750
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 179c37dc34cb9ed88498976d2e9e16ab1b18046d44a904da63375d06064fdd26
                      • Instruction ID: 82d01bc27eeb747a6700816f3c0811d0cbf4fa3e508c6d27c3765a3dd8b03210
                      • Opcode Fuzzy Hash: 179c37dc34cb9ed88498976d2e9e16ab1b18046d44a904da63375d06064fdd26
                      • Instruction Fuzzy Hash: 12217A75D003499FCB10DFA9C985BDEBBF5FF48310F10842AE958A7240C7799954CBA0
                      Function 0914C7A8 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 960 914c7a8-914c83d ReadProcessMemory 964 914c846-914c876 960->964 965 914c83f-914c845 960->965 965->964
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0914C830
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: aec1ea6548fd8e29357f97acb2a4f0c3af4ef17b6f51f6ee578a0ea5171765fe
                      • Instruction ID: 361059af11ca395f6f01426e3e7f3bb8393408a856731732df357a6ce8b2f21b
                      • Opcode Fuzzy Hash: aec1ea6548fd8e29357f97acb2a4f0c3af4ef17b6f51f6ee578a0ea5171765fe
                      • Instruction Fuzzy Hash: 842155B1D002499FCB10CFAAC881AEEBBF5FF48310F50842AE558A7250C7799901CBA0
                      Function 0914C521 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0914C5A6
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: b7b4e37d3d2de3f5d00ec681696075d3be787665119a3825ff1f080dd29d7ac2
                      • Instruction ID: 6a174654e2d8147bce20148b2c7a788e76ced68d9ce4253ca3a0b51a7e7a3c9f
                      • Opcode Fuzzy Hash: b7b4e37d3d2de3f5d00ec681696075d3be787665119a3825ff1f080dd29d7ac2
                      • Instruction Fuzzy Hash: 6C215771E002098FDB10DFAAC4857EEBBF4AF88314F10842ED459A7240D7789945CFA4
                      Function 0914C528 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0914C5A6
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 042178faf5aaf7a6dcbf884d6e3c196e9d8f6a05da3fe5e59d7bbcdd7a18375a
                      • Instruction ID: b5ed3103659d9960813da0808544f90c9e5a701870314ef6b50175170372a6ed
                      • Opcode Fuzzy Hash: 042178faf5aaf7a6dcbf884d6e3c196e9d8f6a05da3fe5e59d7bbcdd7a18375a
                      • Instruction Fuzzy Hash: E2213871E003098FDB10DFAAC5857EEBBF4AF48324F50842AD459A7240D779A945CFA4
                      Function 0914C7B0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                      Download Yara Rule
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0914C830
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: 4be7e2cb435ad923ced26b3866cb639eac0d40ad9bfebe3e2f10fcddaf7a62ee
                      • Instruction ID: 29f1c5ef31abf26b75c93d3febf3042628f70202bc7f03ed37d9b37133e98071
                      • Opcode Fuzzy Hash: 4be7e2cb435ad923ced26b3866cb639eac0d40ad9bfebe3e2f10fcddaf7a62ee
                      • Instruction Fuzzy Hash: A02148B1D002099FCB10DFAAC881AEEFBF5FF48310F50842AE518A7250D7759900CBA4
                      Function 0914C5F9 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0914C66E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 73c4e2b479d6b0f4b9fa2e96461aab2b3ff5df3b35dd0465165138928cdd03ef
                      • Instruction ID: bde129f4f73a2969032ce657bc4b218470a84d7ac114ec0909559ace82561077
                      • Opcode Fuzzy Hash: 73c4e2b479d6b0f4b9fa2e96461aab2b3ff5df3b35dd0465165138928cdd03ef
                      • Instruction Fuzzy Hash: B9216A719002489FCB10DFAAC945BDFBFF5EF48324F10881AE959AB250C776A944CFA0
                      Function 09A58D5C Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                      Download Yara Rule
                      APIs
                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,09A5918A,?,?,?,?,?), ref: 09A5922F
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CreateFromIconResource
                      • String ID:
                      • API String ID: 3668623891-0
                      • Opcode ID: a33f4bbc8926a055b9c63b2c167aac46cc95b78f047e1dba4f6069df38a46344
                      • Instruction ID: 90d4e863e06a82fd23979000299f4b786a36142d9b8677a6a079be14307bf2a2
                      • Opcode Fuzzy Hash: a33f4bbc8926a055b9c63b2c167aac46cc95b78f047e1dba4f6069df38a46344
                      • Instruction Fuzzy Hash: CA1156B190024DDFCB50CFAAC844BEEBFF8EB48310F14841AE919A7210C375A950CFA4
                      Function 0914BC00 Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 121fa6528ccfb8a25ad8dcb27f061d26268ff7b39e24aa1ea7a0628af0191551
                      • Instruction ID: 6b48658543d39994a84e909446d34b8d3858f4787d7a50b0f249b020db5cd9f1
                      • Opcode Fuzzy Hash: 121fa6528ccfb8a25ad8dcb27f061d26268ff7b39e24aa1ea7a0628af0191551
                      • Instruction Fuzzy Hash: 391149B19042088FCB24DFAAC9857DEBBF4AF88324F108429D419A7250CB75A945CBA4
                      Function 0914C600 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0914C66E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: dae9046558e1e5e1f3f6d4f0fe3123d5e6b4b7bddd05ca8e4f457895a3d72940
                      • Instruction ID: 3d392cf349580bf22b79e355e9f3e43dfd9b1fd8dce3f92a77d719a952d6d2c3
                      • Opcode Fuzzy Hash: dae9046558e1e5e1f3f6d4f0fe3123d5e6b4b7bddd05ca8e4f457895a3d72940
                      • Instruction Fuzzy Hash: C51149719002499FCB10DFAAC945BDFBFF5EF58324F10881AE519A7250C776A944CFA0
                      Function 0914BC08 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: f2106f5fd9b2caa2796d0965871c269af9d1cddc95450abd49506e4040c76556
                      • Instruction ID: f236c813093c0fa770813c8a49087de82efca52722d6ca969b6c8b795f611b62
                      • Opcode Fuzzy Hash: f2106f5fd9b2caa2796d0965871c269af9d1cddc95450abd49506e4040c76556
                      • Instruction Fuzzy Hash: 40113AB1D042488FCB20DFAAC5457DFFBF4AB88324F10841AD419B7250CB75A944CBA4
                      Function 04A7F238 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 04A7F29D
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 80be5ed297eade2b3d31d777a8db6cb148fa45803b71e210df5236c3c0644a0e
                      • Instruction ID: bff6e9b15e120e31754574bbfa86968cd67bd06dffdbb6d97a894fbad8d2c397
                      • Opcode Fuzzy Hash: 80be5ed297eade2b3d31d777a8db6cb148fa45803b71e210df5236c3c0644a0e
                      • Instruction Fuzzy Hash: E5116DB58053988EDB10DF99D5047DEBFF9AB05314F148099DA49B7241C3796604CBA6
                      Function 0914A9A8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                      Download Yara Rule
                      APIs
                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0914EBE5
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: 85b6e44c21ebe6587305bde631942e95eaee72fa7f3c37293b34140143bded84
                      • Instruction ID: cfa927314b5f5b0487f7dd19043224cf8643234a49375c1336774e5a2bd76fa0
                      • Opcode Fuzzy Hash: 85b6e44c21ebe6587305bde631942e95eaee72fa7f3c37293b34140143bded84
                      • Instruction Fuzzy Hash: D61122B58043489FCB10DF9AC484BDEBBF8FB58324F10841AE919B7200C375A944CFA0
                      Function 09A5A206 Relevance: 1.3, APIs: 1, Instructions: 58COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,09A5ABE9,?,?), ref: 09A5AD90
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 71bcabd74926180a3f09e451f8ef4cb8cfc43a43649d4afb59633b0a85c63f14
                      • Instruction ID: f9d7a9cb1a20a41a6d1d09b2d69d3945234aa9f5a44005437f8864044e30493d
                      • Opcode Fuzzy Hash: 71bcabd74926180a3f09e451f8ef4cb8cfc43a43649d4afb59633b0a85c63f14
                      • Instruction Fuzzy Hash: DE2167B19043489FCB10EFA9C445BDEBFF4EF48320F14845AD859AB251D379A944CFA5
                      Function 09A5A21C Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,09A5ABE9,?,?), ref: 09A5AD90
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 63c3dc2b134f81789c9a50d76849fd22a45498ed830b35b2d896ee2f0bbd5768
                      • Instruction ID: 2fc7495e881019889cfa4d4c586ade50e3e62705c824aee8fae67f860aaa5021
                      • Opcode Fuzzy Hash: 63c3dc2b134f81789c9a50d76849fd22a45498ed830b35b2d896ee2f0bbd5768
                      • Instruction Fuzzy Hash: 0D1136B6900349DFCB60EF99D445BDEBBF4EB48320F10841AD959A7340D379A944CFA5
                      Function 09A5AD31 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,09A5ABE9,?,?), ref: 09A5AD90
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 2a1f6f24e3e5b8f49121e311ab355e8acc7f1cbc940f877634b3b63b3e017c5c
                      • Instruction ID: 235cdf2cf329cf32e0a00526ba9b19d3988afc8184d7226978b963ff6c586dce
                      • Opcode Fuzzy Hash: 2a1f6f24e3e5b8f49121e311ab355e8acc7f1cbc940f877634b3b63b3e017c5c
                      • Instruction Fuzzy Hash: 831125B5900349DFCB20DF99C445BEEBBF4EB48320F20841AD959A7240D379A944CFA5
                      Function 0239D3B4 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335508358.000000000239D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0239D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_239d000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86ba2b640fe09fa6524cb7b10f1fa1eac2aeb24625e8a4403887b60e0ff78fa3
                      • Instruction ID: 4f422b20e301e18a7ed9e27efd5373fb3f07c70b7895440a8d006172ef590a5e
                      • Opcode Fuzzy Hash: 86ba2b640fe09fa6524cb7b10f1fa1eac2aeb24625e8a4403887b60e0ff78fa3
                      • Instruction Fuzzy Hash: 4C2137B1604208DFDF09EF14D9C1F26BF65FB8A314F20C569E8090B656C736E456C7A1
                      Function 023AD01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335538642.00000000023AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023AD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_23ad000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d4c6d29a5ac377f77578012041ae9e0846449b597b6dfbcf0855a33992f1e38c
                      • Instruction ID: 0db9d3e2bcca8deae0bee53181b6bc39a84843abfcfa987dc57ac7972b50a1d8
                      • Opcode Fuzzy Hash: d4c6d29a5ac377f77578012041ae9e0846449b597b6dfbcf0855a33992f1e38c
                      • Instruction Fuzzy Hash: C8213471604208DFDB14DF24D9D4B26BF65FB88314F20C57DE80A4BA56C33AD407CA61
                      Function 023AD1D4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335538642.00000000023AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023AD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_23ad000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 25eddf31d20a03be18a89fe878183fe0e3d5f88a45a7f638eaa8225caabf587d
                      • Instruction ID: b9ac78e10179f110dd60e74105c60370a3ac6cdc5f24cde935a336f038dd9921
                      • Opcode Fuzzy Hash: 25eddf31d20a03be18a89fe878183fe0e3d5f88a45a7f638eaa8225caabf587d
                      • Instruction Fuzzy Hash: 6E212675514208EFDB05DF14D9D0F26BBA5FB88314F20C5BDE80A4BA56C33AD806CA61
                      Function 023AD006 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335538642.00000000023AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023AD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_23ad000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bde07feeb45ebbad4015ee92aa6733f81217d087d63198efb95b37997e2b1e4b
                      • Instruction ID: df9c143e04565f05aeef3d1a0df67419a3a503c8c65610a9cc7e82b93fdf55f8
                      • Opcode Fuzzy Hash: bde07feeb45ebbad4015ee92aa6733f81217d087d63198efb95b37997e2b1e4b
                      • Instruction Fuzzy Hash: 922162755083849FCB02CF24D994711BF71EF46214F29C5EAD8898F6A7C33A985ACB62
                      Function 0239D3AF Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335508358.000000000239D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0239D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_239d000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                      • Instruction ID: 58b768eaa9ee55ca43fb0d65039730c353c1df1b59e87bd752a131615f2bd80b
                      • Opcode Fuzzy Hash: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                      • Instruction Fuzzy Hash: B111E676504284CFCF16DF14D5C4B16BF71FB85314F24C5A9D8490B656C336E45ACBA1
                      Function 023AD1CF Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1335538642.00000000023AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023AD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_23ad000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                      • Instruction ID: c9dad08354bbfb86b00eee95025630c86cba7c5be6200e6498b1466de6c4b671
                      • Opcode Fuzzy Hash: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                      • Instruction Fuzzy Hash: A111DD75504284DFCB02CF10C5D4B15FBB1FB84314F24C6ADD8494B6A6C33AD40ACB61

                      Non-executed Functions

                      Function 04A74498 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: ">H
                      • API String ID: 0-2361782893
                      • Opcode ID: f922c4a37658fc3f94c9ee56f932b76096c0b715e88bad6b2e9f82104d821242
                      • Instruction ID: 4c9e8587bb01c00142bf7275f575fc62e6249aa6ec1d496c8826df7ac318d12c
                      • Opcode Fuzzy Hash: f922c4a37658fc3f94c9ee56f932b76096c0b715e88bad6b2e9f82104d821242
                      • Instruction Fuzzy Hash: 0E91D274E1521ACFCB14CFA9C9848AEFBF1FF88310F149569E415AB224E334AA42CF55
                      Function 04A74488 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: ">H
                      • API String ID: 0-2361782893
                      • Opcode ID: cc08d35189c0556af48ebe344353f9fb46962d0a9bad42f50f0285c0b8679ce6
                      • Instruction ID: 6ac32baa749124bcf8166645fd2a512eea1a53faf34d4d54fa454488e7ddade4
                      • Opcode Fuzzy Hash: cc08d35189c0556af48ebe344353f9fb46962d0a9bad42f50f0285c0b8679ce6
                      • Instruction Fuzzy Hash: 6781F474E15219CFCB54CFA9C9849AEFBF1FF88314F149569E415AB224E330AA42CF54
                      Function 091498A8 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bbab2c0288f9654dee123b848c5149e1ab936463b5ea20f20c3876f2f97afe68
                      • Instruction ID: 69f1c79877b63d53a8aa8940150ccbbf01426980e87aad2939f4a671b18806dd
                      • Opcode Fuzzy Hash: bbab2c0288f9654dee123b848c5149e1ab936463b5ea20f20c3876f2f97afe68
                      • Instruction Fuzzy Hash: 06E1E774E102198FCB14DFA9C5909AEFBB2FF89304F24C169E414AB355D730A982CFA1
                      Function 0914BCB8 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f7c63e2bf7abfe7b4959ee1b7e131ee3a49cbb5223adb6143c36528130d9d20f
                      • Instruction ID: 1f422c19107821637f696dafead1a4152bdca2444cc061251f90a2c5b97660d8
                      • Opcode Fuzzy Hash: f7c63e2bf7abfe7b4959ee1b7e131ee3a49cbb5223adb6143c36528130d9d20f
                      • Instruction Fuzzy Hash: 72E11874E152198FDB14DFA9C5909AEFBB2FF88308F24C169E414AB355D731A981CFA0
                      Function 09149CE0 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 498a645adb93d61b414ec3ad98e21cb783bb90d9f19f1d10138dbc83f769e335
                      • Instruction ID: 0a341e185af724dbd845ce0ebc3a31496e54e6051740b31cb734c799e7f01575
                      • Opcode Fuzzy Hash: 498a645adb93d61b414ec3ad98e21cb783bb90d9f19f1d10138dbc83f769e335
                      • Instruction Fuzzy Hash: 4FE1F874E102198FDB14DFA9C5909AEFBB2FF89304F24C169E415AB359D731A981CFA0
                      Function 0914C0F0 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 684d64ebfafd813915a3005a7bbae4ff009dd09e30f48d49ddafd5d4544ddb48
                      • Instruction ID: 19bf99c387c97d52acf681506ea1ea94f2d4797532e73150d2ca9a60798c1821
                      • Opcode Fuzzy Hash: 684d64ebfafd813915a3005a7bbae4ff009dd09e30f48d49ddafd5d4544ddb48
                      • Instruction Fuzzy Hash: B8E1E574E112198FCB14DFA9C5909EEBBB2FF89304F248169E455AB359D730A981CFA0
                      Function 0914B388 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aedb7da0994d044743b964744cbc78b0791c180239a172e5134edfe3c9837659
                      • Instruction ID: d0499b006f70d1362bc3fa526d4987debe177511264aeaa229f790aadc760ff6
                      • Opcode Fuzzy Hash: aedb7da0994d044743b964744cbc78b0791c180239a172e5134edfe3c9837659
                      • Instruction Fuzzy Hash: EEE1F874E142198FCB14DFA9C5909AEFBB2FF89305F24C169E415AB359D730A981CFA0
                      Function 04A758D0 Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: eaca10731221b8dd1531c9180f3af19686cc5d0f204f88d264909ab73700041c
                      • Instruction ID: e2a67666c6882c921f0656d1fa36912e7ddf58e94214960f726630bbed96f5d2
                      • Opcode Fuzzy Hash: eaca10731221b8dd1531c9180f3af19686cc5d0f204f88d264909ab73700041c
                      • Instruction Fuzzy Hash: B261F370E15219DFDB14CFAAC9809DEFBF6AB88310F24952AD415B7314E330AA41CF54
                      Function 04A758C1 Relevance: .2, Instructions: 160COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 007098974f5253486f4ed4351d96680d439aa6795a5fe8c774acca1731e0c574
                      • Instruction ID: 3fc48d7622b53f1a18839a547eacc0674fb49bde43ee71874510094650e81fa6
                      • Opcode Fuzzy Hash: 007098974f5253486f4ed4351d96680d439aa6795a5fe8c774acca1731e0c574
                      • Instruction Fuzzy Hash: 4761F770E15209DFCB04CFA9C9815DEFBF6EF88210F14956AD415B7315E374AA42CB64
                      Function 04A752F8 Relevance: .2, Instructions: 158COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 690c423153dc8e3cbbc4a27e813c6a9c3b7f7d8ec8d4fefee0c5f623b4b75098
                      • Instruction ID: 20d94254b1b5da2c40321eee6028a4e30af4cfe4018e083421302079e31ea08f
                      • Opcode Fuzzy Hash: 690c423153dc8e3cbbc4a27e813c6a9c3b7f7d8ec8d4fefee0c5f623b4b75098
                      • Instruction Fuzzy Hash: 16613EB0E04209EFCB14CFAAC9805EEFBB2AF48300F149569D425B7350E774AA42CF54
                      Function 09A58F27 Relevance: .2, Instructions: 151COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4e176af1abe8328229bacfec841a3b38bd8d3422501f7f7d09e58bff1d0a416c
                      • Instruction ID: f87d2abff83ad482de8f170fcc844cf454944c9d4f36a0ced838921abfbf006a
                      • Opcode Fuzzy Hash: 4e176af1abe8328229bacfec841a3b38bd8d3422501f7f7d09e58bff1d0a416c
                      • Instruction Fuzzy Hash: E9718223D40A08DFCB14A73B951BADA67DDA78A724F46D396962A1F1F2D3F72040CE41
                      Function 0914BCA7 Relevance: .1, Instructions: 137COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e28eb6bea9c33aae3b03827b557566fabe885abde5e1c40e6835069b2cf809b2
                      • Instruction ID: 776067bb9342ae361309281eca04271661e847cb8c82be658e426c2a7bbdecc3
                      • Opcode Fuzzy Hash: e28eb6bea9c33aae3b03827b557566fabe885abde5e1c40e6835069b2cf809b2
                      • Instruction Fuzzy Hash: 3451F574E142198FDB14DFA9C9805EEBBF2BF89304F24C16AD418AB316D7359942CFA1
                      Function 09149CD1 Relevance: .1, Instructions: 133COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1347298297.0000000009140000.00000040.00000800.00020000.00000000.sdmp, Offset: 09140000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9140000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3990b74477f6e3ed192c37c287be324c5ec1e7881f60fad5673c8d00e1180a0c
                      • Instruction ID: 920feecccca47df10ea1e90c15f284a538f41ecac4fdf4d8b0143066bab63132
                      • Opcode Fuzzy Hash: 3990b74477f6e3ed192c37c287be324c5ec1e7881f60fad5673c8d00e1180a0c
                      • Instruction Fuzzy Hash: DA512870E102198FCB14DFA9C9805AEFBB2FF89304F24C169D418AB316D731A942CFA1
                      Function 04A75B30 Relevance: .1, Instructions: 120COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5e30a35e105f99e175a3d81c67427464e87f7bcb4e2a36d51be0c51b78b0e65
                      • Instruction ID: fa59f90b7b6769af03bcb7fef10a21a1d3d755bee0f525eba868a01efc575046
                      • Opcode Fuzzy Hash: b5e30a35e105f99e175a3d81c67427464e87f7bcb4e2a36d51be0c51b78b0e65
                      • Instruction Fuzzy Hash: 0751EEB0E0560ADFCB04CF9AC9815AEFBF2EF98300F24D46AC515B7614E734AA419B94
                      Function 04A75B21 Relevance: .1, Instructions: 119COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4f0870e36c9938981b58158b575a4119721056be1649ce6c8a669686d8eee63c
                      • Instruction ID: c334ad07c1fae4dc6cda02026feec075c7336793d536c7352009a27b8ee6186e
                      • Opcode Fuzzy Hash: 4f0870e36c9938981b58158b575a4119721056be1649ce6c8a669686d8eee63c
                      • Instruction Fuzzy Hash: 7B51FE70E0520ADFCB04CFA9C9815AEFBF2FF99300F24D46AC515E7614E734AA429B94
                      Function 04A756B0 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6f4cb36f5f764cabbc9db73ed8b63911ca868583239ff1a25477c6130d2d2e2
                      • Instruction ID: 14fe6b10134a24786736b4fbd2b11e80294416734e25ae98a2db48e44cb6fac5
                      • Opcode Fuzzy Hash: b6f4cb36f5f764cabbc9db73ed8b63911ca868583239ff1a25477c6130d2d2e2
                      • Instruction Fuzzy Hash: 1F41FAB0E05209DFDB04CFAAC9805AEFBF2FB88340F24C469C415B7644E334AA529F94
                      Function 04A756A2 Relevance: .1, Instructions: 106COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f97c288a4c0b1dd9551330bd5016e62709bd9ac740aeba55098a4ee243027a09
                      • Instruction ID: 9b9b73dca4b3b5d6e31a7f93cb7a3aa5b19bae9ef32500a1aea57616da33fb6e
                      • Opcode Fuzzy Hash: f97c288a4c0b1dd9551330bd5016e62709bd9ac740aeba55098a4ee243027a09
                      • Instruction Fuzzy Hash: AB41EAB0E1520A9FDB04CFAAC9815AEFBF2FF88350F14C46AC415A7654E7349A52CF94
                      Function 09A51211 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ec8329c3e08b729f3f15d73ef9535eb330cfab14998710abdc91ceeca25ace46
                      • Instruction ID: 02d2394c1702fbb6e8f16c96fe9bb23a7162df987c2acc880e2884b5b4994df3
                      • Opcode Fuzzy Hash: ec8329c3e08b729f3f15d73ef9535eb330cfab14998710abdc91ceeca25ace46
                      • Instruction Fuzzy Hash: 0D414970E156188FDB58CF6AD940BAEBBF2FF89310F10C1AAD509A7264DB309A45CF51
                      Function 09A51220 Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1348011820.0000000009A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_9a50000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c74ba0b327420fcf74742638e7d568bedc2bb2ed9de7ef3194d8f107847965b4
                      • Instruction ID: 20b88feaa3c806a7e6617f1f8279e0db65184a1ab378da803bc1aadbbeb4db63
                      • Opcode Fuzzy Hash: c74ba0b327420fcf74742638e7d568bedc2bb2ed9de7ef3194d8f107847965b4
                      • Instruction Fuzzy Hash: 8C410571E156198FDB58CF6AD940AAEFBF2BF88310F10C1AAD509A7264DB309A41CF51
                      Function 04A75B5B Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1341473680.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4a70000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 538674f123ebd3cf850c9bebff31fae0e2fe27a9d0148fc7d90559e753b8da30
                      • Instruction ID: 6e71154c3baa4238fca29871ba664e59f9cab03cd7f5e3b43c37e26b2091a46c
                      • Opcode Fuzzy Hash: 538674f123ebd3cf850c9bebff31fae0e2fe27a9d0148fc7d90559e753b8da30
                      • Instruction Fuzzy Hash: D5410D70E0560ADFCB04CF95C9815AEFBF2EFD9300F24D866C515E7614E734AA429B94

                      Execution Graph

                      Execution Coverage:0.8%
                      Dynamic/Decrypted Code Coverage:4.3%
                      Signature Coverage:7.8%
                      Total number of Nodes:116
                      Total number of Limit Nodes:14
                      execution_graph 96161 42fa63 96162 42fa73 96161->96162 96163 42fa79 96161->96163 96166 42eaa3 96163->96166 96165 42fa9f 96169 42cc63 96166->96169 96168 42eabb 96168->96165 96170 42cc7d 96169->96170 96171 42cc8b RtlAllocateHeap 96170->96171 96171->96168 96172 4250a3 96173 4250bc 96172->96173 96174 425104 96173->96174 96177 425144 96173->96177 96179 425149 96173->96179 96180 42e9c3 96174->96180 96178 42e9c3 RtlFreeHeap 96177->96178 96178->96179 96183 42cca3 96180->96183 96182 425114 96184 42ccbd 96183->96184 96185 42cccb RtlFreeHeap 96184->96185 96185->96182 96271 424d13 96272 424d2f 96271->96272 96273 424d57 96272->96273 96274 424d6b 96272->96274 96276 42c953 NtClose 96273->96276 96275 42c953 NtClose 96274->96275 96277 424d74 96275->96277 96278 424d60 96276->96278 96281 42eae3 RtlAllocateHeap 96277->96281 96280 424d7f 96281->96280 96282 42bfb3 96283 42bfcd 96282->96283 96286 1492df0 LdrInitializeThunk 96283->96286 96284 42bff2 96286->96284 96186 417b63 96187 417b87 96186->96187 96188 417bc3 LdrLoadDll 96187->96188 96189 417b8e 96187->96189 96188->96189 96287 41a8f3 96288 41a962 96287->96288 96289 41a90b 96287->96289 96289->96288 96291 41e833 96289->96291 96292 41e859 96291->96292 96296 41e94d 96292->96296 96297 42fb93 96292->96297 96294 41e8eb 96295 42c003 LdrInitializeThunk 96294->96295 96294->96296 96295->96296 96296->96288 96298 42fb03 96297->96298 96299 42fb60 96298->96299 96300 42eaa3 RtlAllocateHeap 96298->96300 96299->96294 96301 42fb3d 96300->96301 96302 42e9c3 RtlFreeHeap 96301->96302 96302->96299 96303 414033 96307 414050 96303->96307 96305 4140ac 96306 4140b6 96307->96306 96308 41b773 RtlFreeHeap LdrInitializeThunk 96307->96308 96308->96305 96190 4248a4 96191 4248c5 96190->96191 96194 42c953 96191->96194 96193 4248ec 96195 42c96d 96194->96195 96196 42c97b NtClose 96195->96196 96196->96193 96197 40192a 96199 40192e 96197->96199 96198 40198b 96199->96198 96202 42ff33 96199->96202 96200 401a50 96200->96200 96205 42e573 96202->96205 96206 42e599 96205->96206 96215 407403 96206->96215 96208 42e5af 96214 42e60b 96208->96214 96218 41b463 96208->96218 96210 42e5ce 96211 42cce3 ExitProcess 96210->96211 96212 42e5e3 96210->96212 96211->96212 96229 42cce3 96212->96229 96214->96200 96232 416823 96215->96232 96217 407410 96217->96208 96219 41b48f 96218->96219 96250 41b353 96219->96250 96222 41b4d4 96226 42c953 NtClose 96222->96226 96227 41b4f0 96222->96227 96223 41b4bc 96224 41b4c7 96223->96224 96225 42c953 NtClose 96223->96225 96224->96210 96225->96224 96228 41b4e6 96226->96228 96227->96210 96228->96210 96230 42cd00 96229->96230 96231 42cd11 ExitProcess 96230->96231 96231->96214 96233 416840 96232->96233 96235 416853 96233->96235 96236 42d393 96233->96236 96235->96217 96238 42d3ad 96236->96238 96237 42d3dc 96237->96235 96238->96237 96243 42c003 96238->96243 96241 42e9c3 RtlFreeHeap 96242 42d452 96241->96242 96242->96235 96244 42c01d 96243->96244 96247 1492c0a 96244->96247 96245 42c046 96245->96241 96248 1492c1f LdrInitializeThunk 96247->96248 96249 1492c11 96247->96249 96248->96245 96249->96245 96251 41b449 96250->96251 96252 41b36d 96250->96252 96251->96222 96251->96223 96256 42c093 96252->96256 96255 42c953 NtClose 96255->96251 96257 42c0b0 96256->96257 96260 14935c0 LdrInitializeThunk 96257->96260 96258 41b43d 96258->96255 96260->96258 96261 42502c 96262 425032 96261->96262 96263 42c953 NtClose 96262->96263 96265 425037 96262->96265 96264 42505c 96263->96264

                      Executed Functions

                      Function 00417B63 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 18 417b63-417b7f 19 417b87-417b8c 18->19 20 417b82 call 42f5a3 18->20 21 417b92-417ba0 call 42fba3 19->21 22 417b8e-417b91 19->22 20->19 25 417bb0-417bc1 call 42e043 21->25 26 417ba2-417bad call 42fe43 21->26 31 417bc3-417bd7 LdrLoadDll 25->31 32 417bda-417bdd 25->32 26->25 31->32
                      APIs
                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BD5
                      Memory Dump Source
                      • Source File: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_400000_WF2DL1l7E8.jbxd
                      Yara matches
                      Similarity
                      • API ID: Load
                      • String ID:
                      • API String ID: 2234796835-0
                      • Opcode ID: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                      • Instruction ID: 122384901a9c5e31b0cbf47cd83ed5cb9323d92cb62f98cf8b450b2778bc3db3
                      • Opcode Fuzzy Hash: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                      • Instruction Fuzzy Hash: D60171B1E0420DBBDF10DBE1DC42FDEB3789B14308F4081AAE90897241F639EB588B95
                      Function 0042C953 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 43 42c953-42c989 call 404643 call 42db53 NtClose
                      APIs
                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C984
                      Memory Dump Source
                      • Source File: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_400000_WF2DL1l7E8.jbxd
                      Yara matches
                      Similarity
                      • API ID: Close
                      • String ID:
                      • API String ID: 3535843008-0
                      • Opcode ID: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                      • Instruction ID: a1a1041c0e6c1b94269db6ff4cf73d3451205fe7691f058a31b8fa4964ffe1e3
                      • Opcode Fuzzy Hash: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                      • Instruction Fuzzy Hash: 2EE08676300614BBD510FA5ADC01F97775CEFC6714F404419FA4867341D675B91487F4
                      Function 01492DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 58 1492df0-1492dfc LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 9865e6eef4e9f94307a6c6e28d958ba9c3173d95972f30d45e95fc295dc37dd7
                      • Instruction ID: 00207aa9e13fdeaa15bbfb3d26a14ff4c68ea07005dc20eb2f22b61d6f4e6006
                      • Opcode Fuzzy Hash: 9865e6eef4e9f94307a6c6e28d958ba9c3173d95972f30d45e95fc295dc37dd7
                      • Instruction Fuzzy Hash: 9390027170140513D111719845147070009D7F0242FD6C413A0424559DD7668A52A221
                      Function 01492C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 57 1492c70-1492c7c LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 8710c8b88489d3606404dc84a486cda07f5832b4d67ef713a66140bb76a8f6f3
                      • Instruction ID: 255278a3d2ba257eb56349b3883904249901962b339b5a6b40c054b013383845
                      • Opcode Fuzzy Hash: 8710c8b88489d3606404dc84a486cda07f5832b4d67ef713a66140bb76a8f6f3
                      • Instruction Fuzzy Hash: 7E90027170148902D1107198841474A0005D7F0302F9AC412A4424659DC7A589917221
                      Function 014935C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 59 14935c0-14935cc LdrInitializeThunk
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 4e38496b207ff1e7c76d18db5faf4f76aae1bf419b7a68b1f9bce40724ab99c3
                      • Instruction ID: c609b3abe9bf635eb00c558413466e58ef4747383051e55e6436c6f1c25ba497
                      • Opcode Fuzzy Hash: 4e38496b207ff1e7c76d18db5faf4f76aae1bf419b7a68b1f9bce40724ab99c3
                      • Instruction Fuzzy Hash: 0D900271B0550502D100719845247061005D7F0202FA6C412A0424569DC7A58A5166A2
                      Function 0042CC63 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 33 42cc63-42cca1 call 404643 call 42db53 RtlAllocateHeap
                      APIs
                      • RtlAllocateHeap.NTDLL(?,0041E8EB,?,?,00000000,?,0041E8EB,?,?,?), ref: 0042CC9C
                      Memory Dump Source
                      • Source File: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_400000_WF2DL1l7E8.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      • Opcode ID: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                      • Instruction ID: 7c74d4e41703ecf2ac74f9d9b4895f51b419b40aa0f09aed774a1cc672b14946
                      • Opcode Fuzzy Hash: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                      • Instruction Fuzzy Hash: 3DE09AB22042187BCA14EF5AEC41F9B37ACEFC9710F004419FA08A7341D675BA108BB8
                      Function 0042CCA3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 38 42cca3-42cce1 call 404643 call 42db53 RtlFreeHeap
                      APIs
                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,3777EA40,00000007,00000000,00000004,00000000,004173E4,000000F4), ref: 0042CCDC
                      Memory Dump Source
                      • Source File: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_400000_WF2DL1l7E8.jbxd
                      Yara matches
                      Similarity
                      • API ID: FreeHeap
                      • String ID:
                      • API String ID: 3298025750-0
                      • Opcode ID: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                      • Instruction ID: 17ffdd14cf893de34d185b730fd02e884b2db9c7d9af60b921a6e04f82d44752
                      • Opcode Fuzzy Hash: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                      • Instruction Fuzzy Hash: C8E06D712002047BC610EE49DC42F9B37ACEFC5714F004419F908A7341D674B9108AB8
                      Function 0042CCE3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 48 42cce3-42cd1f call 404643 call 42db53 ExitProcess
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1871022568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_400000_WF2DL1l7E8.jbxd
                      Yara matches
                      Similarity
                      • API ID: ExitProcess
                      • String ID:
                      • API String ID: 621844428-0
                      • Opcode ID: e5ead24424c220527bba2a4c9ff2b6f981b37aac09ced8e85fba16840dc346b3
                      • Instruction ID: db584931667c167d052b57122e12c945e868705e8a3680be29b3f7ccc7343bef
                      • Opcode Fuzzy Hash: e5ead24424c220527bba2a4c9ff2b6f981b37aac09ced8e85fba16840dc346b3
                      • Instruction Fuzzy Hash: 49E04F356442147BC610AA5ADC01F9B775CEBC5754F414419FA0CA7241D675791187E4
                      Function 01492C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 53 1492c0a-1492c0f 54 1492c1f-1492c26 LdrInitializeThunk 53->54 55 1492c11-1492c18 53->55
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 7c2cc5d79fe172016719eb3f603ef27b0028d3c3b61a93271b46e725df445eb1
                      • Instruction ID: 4c4bf3a091f1f90dbbc2bde2a9cfd7f1971e8ff86684e2340f7d806db93eafbb
                      • Opcode Fuzzy Hash: 7c2cc5d79fe172016719eb3f603ef27b0028d3c3b61a93271b46e725df445eb1
                      • Instruction Fuzzy Hash: 1BB04C719015C595DA11A7A44608A177900A7E0701F56C062D2020652B47789191E275

                      Non-executed Functions

                      Function 014D2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-2160512332
                      • Opcode ID: 76425860bd4c54470beba0b27dcf70fbb303872a6de443f1b7b649109efd0eda
                      • Instruction ID: 131baf1ef3aa71e20c305563abb3bcd3539a02eb3c136df9cca11a6da71c4a84
                      • Opcode Fuzzy Hash: 76425860bd4c54470beba0b27dcf70fbb303872a6de443f1b7b649109efd0eda
                      • Instruction Fuzzy Hash: 93926D71604342ABEB21DF29C850F6BBBE8BB94754F04491EFA94D7360D7B0E845CB92
                      Function 01488620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                      Download Yara Rule
                      Strings
                      • Thread identifier, xrefs: 014C553A
                      • 8, xrefs: 014C52E3
                      • Critical section debug info address, xrefs: 014C541F, 014C552E
                      • double initialized or corrupted critical section, xrefs: 014C5508
                      • corrupted critical section, xrefs: 014C54C2
                      • Invalid debug info address of this critical section, xrefs: 014C54B6
                      • Thread is in a state in which it cannot own a critical section, xrefs: 014C5543
                      • Address of the debug info found in the active list., xrefs: 014C54AE, 014C54FA
                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014C540A, 014C5496, 014C5519
                      • Critical section address, xrefs: 014C5425, 014C54BC, 014C5534
                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014C54CE
                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014C54E2
                      • Critical section address., xrefs: 014C5502
                      • undeleted critical section in freed memory, xrefs: 014C542B
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                      • API String ID: 0-2368682639
                      • Opcode ID: d697c7a2c6e27c8c92a0bcc8d66a3a93cac658994e09a11e522e9d7231f30f9f
                      • Instruction ID: 160e8a7994cb7a6be770964f51119e03b6f19d653af9f00447b85433e5b846f9
                      • Opcode Fuzzy Hash: d697c7a2c6e27c8c92a0bcc8d66a3a93cac658994e09a11e522e9d7231f30f9f
                      • Instruction Fuzzy Hash: 4581ADB4A00359AFDB60CF9AC844BAEBBB5BB58B14F20411FF504BB760D371A945CB50
                      Function 014829F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                      Download Yara Rule
                      Strings
                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 014C2602
                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 014C2412
                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014C25EB
                      • @, xrefs: 014C259B
                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 014C261F
                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 014C2409
                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014C24C0
                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 014C2506
                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014C22E4
                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 014C2498
                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 014C2624
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                      • API String ID: 0-4009184096
                      • Opcode ID: 320add6e08897f32915cc854377bd6792be53fcbb37a06f47210946bbdb350f6
                      • Instruction ID: b8d0e37a553a60b9b6cc1cbea20113e5c1027f89f391bd0387c8e2a0271368f0
                      • Opcode Fuzzy Hash: 320add6e08897f32915cc854377bd6792be53fcbb37a06f47210946bbdb350f6
                      • Instruction Fuzzy Hash: 34027EF5D002299BDB71DB54CC80FAEB7B8AB54704F0041EFA609A7261DBB09E85CF59
                      Function 014F8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                      • API String ID: 0-2515994595
                      • Opcode ID: 9a8c0b80192ceeb55c163d1351390c2fc24dc6c93f087739e7c5765a8c500d8f
                      • Instruction ID: 96c38b749972a99aa9524787e7f141beb29742d3f30641a0c29dfaa772125d8f
                      • Opcode Fuzzy Hash: 9a8c0b80192ceeb55c163d1351390c2fc24dc6c93f087739e7c5765a8c500d8f
                      • Instruction Fuzzy Hash: 5751FF712053529BD325CF198844BABBBE8EFA4340F14091FFA588B3A0E770D649CB92
                      Function 01500274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                      • API String ID: 0-1700792311
                      • Opcode ID: 0e8061f132624537ec73c6ac7dee5e9d3d1216c5517723c47b1d1721c57006f4
                      • Instruction ID: c86623b4f7cc617f165fa7be81dbe84353b6ac176dbbc0c8f1d14507f9a43d18
                      • Opcode Fuzzy Hash: 0e8061f132624537ec73c6ac7dee5e9d3d1216c5517723c47b1d1721c57006f4
                      • Instruction Fuzzy Hash: 4FD1DA35500682EFEB22DFA9C401BADBBF1FF5A644F19800AE8459F2E2C735D981CB14
                      Function 014D89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                      Download Yara Rule
                      Strings
                      • AVRF: -*- final list of providers -*- , xrefs: 014D8B8F
                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 014D8A67
                      • VerifierDlls, xrefs: 014D8CBD
                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 014D8A3D
                      • HandleTraces, xrefs: 014D8C8F
                      • VerifierDebug, xrefs: 014D8CA5
                      • VerifierFlags, xrefs: 014D8C50
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                      • API String ID: 0-3223716464
                      • Opcode ID: ecc9dcab241851011db24c24d26697fd0bd6c78cbf8cb4fd072b592798c32a3c
                      • Instruction ID: 4d240e44e2e4dd04896d40b34ff2ba14830540f42ea3d650140e8df41ebd9440
                      • Opcode Fuzzy Hash: ecc9dcab241851011db24c24d26697fd0bd6c78cbf8cb4fd072b592798c32a3c
                      • Instruction Fuzzy Hash: 12912471604713EFDB21EF6998A0B6B77A4ABA4A18F06041FFA406F3B1D7709C05CB91
                      Function 0145EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                      • API String ID: 0-1109411897
                      • Opcode ID: 821270520f5f37ae11c908abf4ad30d8433e0d7a05f6b0581551bd83f25a19b7
                      • Instruction ID: 06830887b9f4f4bd8051f73cb0df9b4a66fe0b0774d99d30f11f509aafc761f7
                      • Opcode Fuzzy Hash: 821270520f5f37ae11c908abf4ad30d8433e0d7a05f6b0581551bd83f25a19b7
                      • Instruction Fuzzy Hash: 4CA25174A056298FDB64CF19CC887AEBBB5AF45304F1441EAD90EA7362DB349E85CF10
                      Function 014863FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-792281065
                      • Opcode ID: 88e3927de1495dc5dc9d0ed36e90d356b05a78333bda94732059267870430b83
                      • Instruction ID: a9a04252e7624b47c9d5efc2f611653ebe13f723912945fe338875ffe4235b07
                      • Opcode Fuzzy Hash: 88e3927de1495dc5dc9d0ed36e90d356b05a78333bda94732059267870430b83
                      • Instruction Fuzzy Hash: E8916874B003119BEBA5EF59D955BAE3BA2BF50F28F16002FE9506B3B1DBB04801C794
                      Function 0144645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                      Download Yara Rule
                      Strings
                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 014A9A01
                      • minkernel\ntdll\ldrinit.c, xrefs: 014A9A11, 014A9A3A
                      • apphelp.dll, xrefs: 01446496
                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014A99ED
                      • LdrpInitShimEngine, xrefs: 014A99F4, 014A9A07, 014A9A30
                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014A9A2A
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-204845295
                      • Opcode ID: 847f07a5a47c5f15f65011dceb264fa4ac63a9b50b96e28fa46d4cb932edb871
                      • Instruction ID: 9bde8b1263c7a44dd6904e5a80e17250cde5ba09272c7c2d1e9de42e96daedc1
                      • Opcode Fuzzy Hash: 847f07a5a47c5f15f65011dceb264fa4ac63a9b50b96e28fa46d4cb932edb871
                      • Instruction Fuzzy Hash: 005100712083409FE720DF25D851EAB7BE8FBA4648F52091FF5959B270D730E909CB92
                      Function 01482674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                      Download Yara Rule
                      Strings
                      • SXS: %s() passed the empty activation context, xrefs: 014C2165
                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 014C219F
                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014C21BF
                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 014C2178
                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 014C2180
                      • RtlGetAssemblyStorageRoot, xrefs: 014C2160, 014C219A, 014C21BA
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                      • API String ID: 0-861424205
                      • Opcode ID: 092e50663cbf3f979999d6b0275f3c4af9982a05ed7e72cfc40356daa3ef5cac
                      • Instruction ID: 0e88252fb3fbad307aa2e49b06581460bdee900f8449a27b7a7e002db737a9a9
                      • Opcode Fuzzy Hash: 092e50663cbf3f979999d6b0275f3c4af9982a05ed7e72cfc40356daa3ef5cac
                      • Instruction Fuzzy Hash: C231377AB4021577EB21AA9A8C41F6F7A68DBE5E40F09005FFA05A7230D6F09A01C2A0
                      Function 0148C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrredirect.c, xrefs: 014C8181, 014C81F5
                      • minkernel\ntdll\ldrinit.c, xrefs: 0148C6C3
                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 014C81E5
                      • Loading import redirection DLL: '%wZ', xrefs: 014C8170
                      • LdrpInitializeImportRedirection, xrefs: 014C8177, 014C81EB
                      • LdrpInitializeProcess, xrefs: 0148C6C4
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                      • API String ID: 0-475462383
                      • Opcode ID: a07deb4ae2a4e8e611a502e3b0a6e80d19497a522fcf40380173e0ac83538c52
                      • Instruction ID: 159a9d4a760e101e08a5c72311a0485d11d155e5dba708b3e6eb1a241b9ba90f
                      • Opcode Fuzzy Hash: a07deb4ae2a4e8e611a502e3b0a6e80d19497a522fcf40380173e0ac83538c52
                      • Instruction Fuzzy Hash: 313124756443029FC220EF2AD845E1B7BE1EFA4B14F05055EF9846B2B1E630EC04C7A2
                      Function 0149096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 01492DF0: LdrInitializeThunk.NTDLL ref: 01492DFA
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01490BA3
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01490BB6
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01490D60
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01490D74
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                      • String ID:
                      • API String ID: 1404860816-0
                      • Opcode ID: 3c5b508b9915e1596bbd6745e5fc0f0210937155bd0525b3d36c8cb25e634bef
                      • Instruction ID: b4b4019638954e9e06027e3243d9d9115187acc5365d7c7967195aa4c16223eb
                      • Opcode Fuzzy Hash: 3c5b508b9915e1596bbd6745e5fc0f0210937155bd0525b3d36c8cb25e634bef
                      • Instruction Fuzzy Hash: 12425A75900715EFDF61CF28C880BAABBF9BF04314F1445AEE9899B251D770AA85CF60
                      Function 0145A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                      • API String ID: 0-379654539
                      • Opcode ID: 50761d5eb5461fd457cc6a33bad04b9f3494ee9b5f1f1b4a1f0056dd7f3a5495
                      • Instruction ID: bc8b2028571ab7224134bf6f997e377dbca328be964e670847cd5ed494bd7240
                      • Opcode Fuzzy Hash: 50761d5eb5461fd457cc6a33bad04b9f3494ee9b5f1f1b4a1f0056dd7f3a5495
                      • Instruction Fuzzy Hash: FBC19C701083868FD751CF58C144B6BBBE4BF85308F104A6BF9958B362E774D94ACB62
                      Function 01488402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 01488421
                      • @, xrefs: 01488591
                      • LdrpInitializeProcess, xrefs: 01488422
                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0148855E
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-1918872054
                      • Opcode ID: ea1d9bb1642e2d8d418ee5072c2ba161a05d463d6e1525548bc99a6dfd96e6c8
                      • Instruction ID: c37cc036d8472f646501a804df10aa451ea6f3d6c11669e355de7d9c75a6a83b
                      • Opcode Fuzzy Hash: ea1d9bb1642e2d8d418ee5072c2ba161a05d463d6e1525548bc99a6dfd96e6c8
                      • Instruction Fuzzy Hash: 2091BF71509346AFD721EF26CC40EAFBAE8BF94A54F80092FF68496161E770D944CB62
                      Function 0148273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                      Download Yara Rule
                      Strings
                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014C22B6
                      • .Local, xrefs: 014828D8
                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014C21D9, 014C22B1
                      • SXS: %s() passed the empty activation context, xrefs: 014C21DE
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                      • API String ID: 0-1239276146
                      • Opcode ID: a1cf8dc9feace9b9577361c326e89892fb06e0e2d2defc1ae819611fdcb70f9b
                      • Instruction ID: 75ad2a130a12c7050ba9ede9cecb994555c9d036456c9e224fbf06791f6a83fa
                      • Opcode Fuzzy Hash: a1cf8dc9feace9b9577361c326e89892fb06e0e2d2defc1ae819611fdcb70f9b
                      • Instruction Fuzzy Hash: C4A1C035A002299BDB24DF59C884FAAB7B1BF58714F1441EFD908A7361D7B09E81CF80
                      Function 01484AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                      Download Yara Rule
                      Strings
                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 014C3437
                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 014C3456
                      • RtlDeactivateActivationContext, xrefs: 014C3425, 014C3432, 014C3451
                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 014C342A
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                      • API String ID: 0-1245972979
                      • Opcode ID: b56b4767d826c7aea3b8a54cadc866b7ffcb6c02eedfcaf0fe3b6619496a74b2
                      • Instruction ID: e008da76d92f03f570fa5660129510fde2969da303bea2a9c78134b35d2b5aa0
                      • Opcode Fuzzy Hash: b56b4767d826c7aea3b8a54cadc866b7ffcb6c02eedfcaf0fe3b6619496a74b2
                      • Instruction Fuzzy Hash: 9E612F3A600B129BD722DF19C841B2BF7E4BF90B20F19852FE8559B360C730E802CB95
                      Function 014564AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                      Download Yara Rule
                      Strings
                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 014B106B
                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 014B1028
                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014B10AE
                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 014B0FE5
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                      • API String ID: 0-1468400865
                      • Opcode ID: 0a975963c3835a40219653372b25974bd62a44fbcb1878243d9129313ce64fc2
                      • Instruction ID: 436d4fa4fab080e79f7a83233250ca23508403a3825ee5c95cfb371b7c233163
                      • Opcode Fuzzy Hash: 0a975963c3835a40219653372b25974bd62a44fbcb1878243d9129313ce64fc2
                      • Instruction Fuzzy Hash: 8C71EFB1904309AFCB61DF15D880B9B7FA8AF64768F81042EFD498B267D334D189CB91
                      Function 0147245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 014BA9A2
                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 014BA992
                      • LdrpDynamicShimModule, xrefs: 014BA998
                      • apphelp.dll, xrefs: 01472462
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-176724104
                      • Opcode ID: 45b4d9f2b0e43d9f6b70aceee05df3bedce0be60fac2aae6d9adb62985995b6c
                      • Instruction ID: c08e7aa2fabaa50a2eee6e891b1b73a37687b4f32c45c891a792715f73d34025
                      • Opcode Fuzzy Hash: 45b4d9f2b0e43d9f6b70aceee05df3bedce0be60fac2aae6d9adb62985995b6c
                      • Instruction Fuzzy Hash: E3312A79600212ABEB31DF5D9885EEAB7B4FB84708F26001FE8106B375D7B05946E760
                      Function 014629A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                      Download Yara Rule
                      Strings
                      • HEAP[%wZ]: , xrefs: 01463255
                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0146327D
                      • HEAP: , xrefs: 01463264
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                      • API String ID: 0-617086771
                      • Opcode ID: 86546076c28072e2e634a778e12410239e0f4cf79bc45a759e34087cccbaeebb
                      • Instruction ID: 031a81e46b45efa1415e75ae38ab3972356da84e509b0de8a5aa1067c44e515b
                      • Opcode Fuzzy Hash: 86546076c28072e2e634a778e12410239e0f4cf79bc45a759e34087cccbaeebb
                      • Instruction Fuzzy Hash: F892CF70A04289DFDB25CF68C440BAEBBF5FF48318F18805AE859AB361D774A946CF51
                      Function 01460770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-4253913091
                      • Opcode ID: 2b96a1cb7edae59a483f60373c9ebfdfad3a94a7e7f4380934ae096361f267ca
                      • Instruction ID: 962ffbac1abbfa33d0b5b9da9cab74ff261841b51a1f5e66d60760fc0cea332a
                      • Opcode Fuzzy Hash: 2b96a1cb7edae59a483f60373c9ebfdfad3a94a7e7f4380934ae096361f267ca
                      • Instruction Fuzzy Hash: 86F1B134A00606DFEB15CF68C894BAAB7F5FF44308F14416AE5169B3A1D774E981CF61
                      Function 01476962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: $@
                      • API String ID: 0-1077428164
                      • Opcode ID: 3367039fb072e2707e61efc0d12521eca6b15812022a9a18c02385690f2b90ac
                      • Instruction ID: f8e04afe2306b6030e508eae6e6506575f72557d0e9ac64c4972210d106d7fce
                      • Opcode Fuzzy Hash: 3367039fb072e2707e61efc0d12521eca6b15812022a9a18c02385690f2b90ac
                      • Instruction Fuzzy Hash: 16C280716083419FE725CF29C884BEBBBE5AF88714F45892EF98987361D734D805CB62
                      Function 0144A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: FilterFullPath$UseFilter$\??\
                      • API String ID: 0-2779062949
                      • Opcode ID: 02bea373d313807b5e398d0a4db6df8ac18cd97d1e45b78bdbb85c78d117dcba
                      • Instruction ID: 3fdf99a124f61c7909b47ac2fd4b03c333e8bd96735a711704865eaefaf9e829
                      • Opcode Fuzzy Hash: 02bea373d313807b5e398d0a4db6df8ac18cd97d1e45b78bdbb85c78d117dcba
                      • Instruction Fuzzy Hash: 50A18B769012299BDB71DF28CC88BEAB7B8FF54714F1101EAE909A7220D7359E85CF50
                      Function 01470BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 014BA121
                      • LdrpCheckModule, xrefs: 014BA117
                      • Failed to allocated memory for shimmed module list, xrefs: 014BA10F
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-161242083
                      • Opcode ID: ba7f4bba0bde55b01c8f965d12f30de5f4e3a105d44412860e5f224f43697011
                      • Instruction ID: e10a5521927f668679d64911f1abb0d99b6bad845dc4ae2bb811a9e1ced94883
                      • Opcode Fuzzy Hash: ba7f4bba0bde55b01c8f965d12f30de5f4e3a105d44412860e5f224f43697011
                      • Instruction Fuzzy Hash: 9F71E174A00206DFDB29DF69C981AEEB7F4FB55208F15402EE812EB325E730A946DB50
                      Function 01460A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-1334570610
                      • Opcode ID: 836550a591103a9d868fd5f0b041d748d97fcf43c62e683f53da9fba53eed1f8
                      • Instruction ID: 20a0a82033e2856a05abeef6affb64f5ceed447d9ddb378e5ec04acf7caf4247
                      • Opcode Fuzzy Hash: 836550a591103a9d868fd5f0b041d748d97fcf43c62e683f53da9fba53eed1f8
                      • Instruction Fuzzy Hash: 24618F716013029FDB29CF68C480BAABBE5FF55708F14855EE4558F3A6D7B0E881CB92
                      Function 0148C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 014C82E8
                      • LdrpInitializePerUserWindowsDirectory, xrefs: 014C82DE
                      • Failed to reallocate the system dirs string !, xrefs: 014C82D7
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-1783798831
                      • Opcode ID: 5281c88bd6684de850f619f98cd7087b4c4ec56722e06301e4c5ce2cdf33b362
                      • Instruction ID: 1d59f76b8a56fd6517460f3cb5fc52f61a6ebbb0c63d2b81c925ae4a677f82ef
                      • Opcode Fuzzy Hash: 5281c88bd6684de850f619f98cd7087b4c4ec56722e06301e4c5ce2cdf33b362
                      • Instruction Fuzzy Hash: 3E411275144312ABC720FB69D880F9B77E8EB68A18F01442FF9589B270E770D8049BA1
                      Function 0150C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                      Download Yara Rule
                      Strings
                      • @, xrefs: 0150C1F1
                      • PreferredUILanguages, xrefs: 0150C212
                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0150C1C5
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                      • API String ID: 0-2968386058
                      • Opcode ID: 516a2690a8c010fc881be086b0fa77ac5fb07e2f5123622e103648104d3642fc
                      • Instruction ID: 924b81465e269680232aac9cd645114330105d29372a8cc15bb76635ce06dec4
                      • Opcode Fuzzy Hash: 516a2690a8c010fc881be086b0fa77ac5fb07e2f5123622e103648104d3642fc
                      • Instruction Fuzzy Hash: B0417471D0020AEBDF12DFD9C841FEEBBB8BB25704F1441ABE649AB690D7749A448B50
                      Function 014E4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                      • API String ID: 0-1373925480
                      • Opcode ID: 0bf775f98f733ea5a074370742422e9c88410735df635c63d7890c6181068813
                      • Instruction ID: b1c6d47a660779ee4126eacda4bea167454b95a319e86cdfb05b67ac15b298ca
                      • Opcode Fuzzy Hash: 0bf775f98f733ea5a074370742422e9c88410735df635c63d7890c6181068813
                      • Instruction Fuzzy Hash: 4A41E571A002588BEB25DBD9C858BADBBF8FF65385F18045BDA01EB7A1D7349902CB11
                      Function 014D4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrredirect.c, xrefs: 014D4899
                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 014D4888
                      • LdrpCheckRedirection, xrefs: 014D488F
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                      • API String ID: 0-3154609507
                      • Opcode ID: 031db1cf1019b8d42ce6e94afb5d17c787e2434900aa17c6840cfcdd2b369199
                      • Instruction ID: 9269a8250968e30f7cbbc0ceb8ffbed99f6c5a5a3585628b2076ae9b6766e8e3
                      • Opcode Fuzzy Hash: 031db1cf1019b8d42ce6e94afb5d17c787e2434900aa17c6840cfcdd2b369199
                      • Instruction Fuzzy Hash: 0241B03AA042519BCF21CE59D851A277BE5AF49A90F0A056FFD98EBB71D730D800CB91
                      Function 01460BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                      • API String ID: 0-2558761708
                      • Opcode ID: a9ce6f6cd4f7cab476d0259464d927fddad0e2b7327dc8eb634934a8404d5b4d
                      • Instruction ID: 1d7e45ec307a3b3864b1b5ec29b924640c9256f7a719a5bd15eacf534fe27227
                      • Opcode Fuzzy Hash: a9ce6f6cd4f7cab476d0259464d927fddad0e2b7327dc8eb634934a8404d5b4d
                      • Instruction Fuzzy Hash: 5911C0313151029FE719CB29C481BB6F3A8EF50A19F18812FF4068F2B1DB34D881C762
                      Function 014D20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                      Download Yara Rule
                      Strings
                      • minkernel\ntdll\ldrinit.c, xrefs: 014D2104
                      • LdrpInitializationFailure, xrefs: 014D20FA
                      • Process initialization failed with status 0x%08lx, xrefs: 014D20F3
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                      • API String ID: 0-2986994758
                      • Opcode ID: bdd12c205d8d5a4a1bd560331da22c5936eadc83e8438058f2e6ebbd70eca42e
                      • Instruction ID: 48ce3e2037be0007e8df9968b9e9f3f01eed4d7b8271f0f0ce449a74683bf1eb
                      • Opcode Fuzzy Hash: bdd12c205d8d5a4a1bd560331da22c5936eadc83e8438058f2e6ebbd70eca42e
                      • Instruction Fuzzy Hash: BAF02878640318ABEB24D60DDC16F9A3B78EB40B48F21005FF6407B2B1D2F0A500C640
                      Function 014603E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: #%u
                      • API String ID: 48624451-232158463
                      • Opcode ID: 87a33c9cd63efb88a837a5e52a4b2e21de56156f78ff9e1f167d96097cd9547a
                      • Instruction ID: 103c027c704a7cc62dc1812b74e327956d3963640b32c6250da4e28d4410d099
                      • Opcode Fuzzy Hash: 87a33c9cd63efb88a837a5e52a4b2e21de56156f78ff9e1f167d96097cd9547a
                      • Instruction Fuzzy Hash: 3A716E71A0014A9FDB11DFA9C990BAEB7F8FF28744F15406AE905E7361E634ED01CB61
                      Function 0145A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                      Download Yara Rule
                      Strings
                      • LdrResSearchResource Exit, xrefs: 0145AA25
                      • LdrResSearchResource Enter, xrefs: 0145AA13
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                      • API String ID: 0-4066393604
                      • Opcode ID: 4e6127def61f3bca803a6e3122f5f68539b0728cf8438a337270f84a4ae9f3d8
                      • Instruction ID: e5f76ae4c3d373da848b2e762f586c50d0a63bd2d392ea78712fcc6c37ea09d4
                      • Opcode Fuzzy Hash: 4e6127def61f3bca803a6e3122f5f68539b0728cf8438a337270f84a4ae9f3d8
                      • Instruction Fuzzy Hash: 2CE17671A002159BEF62CF99C994BEEBBB9BF14310F24452BEE01E7362D7749941CB60
                      Function 0151A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: `$`
                      • API String ID: 0-197956300
                      • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                      • Instruction ID: 95dffff956debc7f6f3a8e2002193d31cfe868477b7c213f28b0e2b9fbbf37b2
                      • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                      • Instruction Fuzzy Hash: 3CC1C1312053829BFB27CE28C840B6BBBE5BFD4318F044A2DF6968B299D7B4D505CB51
                      Function 014CE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: Legacy$UEFI
                      • API String ID: 2994545307-634100481
                      • Opcode ID: 6d553af628b234fe8965d90b32773e3470d97eb8003d13b1de3b67ce34e775f1
                      • Instruction ID: ced328bbf1565d39dd04d8c003df0742844431780f065f21572ddda61cf142ee
                      • Opcode Fuzzy Hash: 6d553af628b234fe8965d90b32773e3470d97eb8003d13b1de3b67ce34e775f1
                      • Instruction Fuzzy Hash: 44614C75E003199FDB54DFA9C940BAEBFB9FB58B04F14402EE649EB261D731A901CB60
                      Function 014F43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: @$MUI
                      • API String ID: 0-17815947
                      • Opcode ID: 14ea7024d1a03617e320b6035e28acc962f5d3b87dc6080212dbe7a1ea43aa95
                      • Instruction ID: aeb6918da19680e4ff9b648845354640d7dff609320d7a49cafab677061bcdc8
                      • Opcode Fuzzy Hash: 14ea7024d1a03617e320b6035e28acc962f5d3b87dc6080212dbe7a1ea43aa95
                      • Instruction Fuzzy Hash: 7A511871D0021DAEDF11DFA9CC84EEFBBBDEB54754F14052AE611B72A0DA709A05CB60
                      Function 014504E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                      Download Yara Rule
                      Strings
                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0145063D
                      • kLsE, xrefs: 01450540
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                      • API String ID: 0-2547482624
                      • Opcode ID: 6d4d8f8f89533a26450d133f5753512c64fa0197210fd377957de1caf9d62c02
                      • Instruction ID: 15d19b7759a21c0696f8b01d111ee721c7b4d171305c72591d9a786a1db68cfb
                      • Opcode Fuzzy Hash: 6d4d8f8f89533a26450d133f5753512c64fa0197210fd377957de1caf9d62c02
                      • Instruction Fuzzy Hash: DD51D0795007469FD764DF29C4406A7BBE4AF84304F10483FFAAA87362E730D545CBA2
                      Function 0145A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                      Download Yara Rule
                      Strings
                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0145A2FB
                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0145A309
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                      • API String ID: 0-2876891731
                      • Opcode ID: 465bdce5fc8bd04cc31cd279a8555e85a4fd8c66c7d7b995601dd419707f22b3
                      • Instruction ID: d9fbeee924030adffa7d26fa8b60caa960861646ed316934826e9dbe5d796496
                      • Opcode Fuzzy Hash: 465bdce5fc8bd04cc31cd279a8555e85a4fd8c66c7d7b995601dd419707f22b3
                      • Instruction Fuzzy Hash: B841BC31A04655DBEB21CF59C880BAA7BB4FF94308F2441ABED04DB3B2E6B5D941CB51
                      Function 0148A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID: Cleanup Group$Threadpool!
                      • API String ID: 2994545307-4008356553
                      • Opcode ID: dc303b61b6b231b3a756ae653ca8be225503376e42beece2d7f81af991aefd54
                      • Instruction ID: a9021ad4da6cbad0974cb665b8f35b598d9d6a5cb6f6d045e12b7353f90db2c5
                      • Opcode Fuzzy Hash: dc303b61b6b231b3a756ae653ca8be225503376e42beece2d7f81af991aefd54
                      • Instruction Fuzzy Hash: AF01FDB2241700AFD311EF14CD05B2A77E8E790729F01893BA69CCB1A4E3B4D804DB4A
                      Function 0145C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: MUI
                      • API String ID: 0-1339004836
                      • Opcode ID: c863ac6a22224cb0005a43622ed6766276885140db5765f6d7c8750503198522
                      • Instruction ID: 214dd7dba5914284f6e9499f41e255e789f60ff101e1f55d4f274f82ec8fe995
                      • Opcode Fuzzy Hash: c863ac6a22224cb0005a43622ed6766276885140db5765f6d7c8750503198522
                      • Instruction Fuzzy Hash: 20827D75E003199BEB65CFA9C8807EEBBB5BF48710F14816ADD19AB362D7309D42CB50
                      Function 014D6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: 468a1f8a36d0da159d094e053347123db06c8b1f17fdb1791fa16be108d017f4
                      • Instruction ID: 179218095241bba06b375efd088d8b563a45f735ebaf190c01e12f716d762794
                      • Opcode Fuzzy Hash: 468a1f8a36d0da159d094e053347123db06c8b1f17fdb1791fa16be108d017f4
                      • Instruction Fuzzy Hash: 6F916271900219AFDF21DF95CC95FAEBBB8EF14750F11405AF604AB2A0D775A900CBA0
                      Function 014FE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: 531a4e8722dcc40d4b6f2443be399dbd39d1497af3c7ca16f0ed6e83f1d13fc5
                      • Instruction ID: 70a1bc87e114a34df5df45137e473fe6db6403f3da98dfc16b7533db2563180c
                      • Opcode Fuzzy Hash: 531a4e8722dcc40d4b6f2443be399dbd39d1497af3c7ca16f0ed6e83f1d13fc5
                      • Instruction Fuzzy Hash: 21919E32900649AADB22AFA6DC44FAFBB79EF55744F12001EF605A7370E7749902CB51
                      Function 0148A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: GlobalTags
                      • API String ID: 0-1106856819
                      • Opcode ID: 2cc4ec4de670bbb309df6423b991f226df4f884bcc135867bed573e00da66f96
                      • Instruction ID: 40c63f074efd06a1d3c1568ed79beaa678525deaeefa9538a73336776f066e01
                      • Opcode Fuzzy Hash: 2cc4ec4de670bbb309df6423b991f226df4f884bcc135867bed573e00da66f96
                      • Instruction Fuzzy Hash: 5F717E79E0120A8FDB64DF9DC4906AEBBB1BF58B00F15C52FE505AB361E7348801CB60
                      Function 014F4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: .mui
                      • API String ID: 0-1199573805
                      • Opcode ID: 47dd21cd9b7507ea9f9c2fdc3de010173f210914ce43f41c52ec1420f5431c34
                      • Instruction ID: f2ad843e8804675d4b9e5b6745e5c6ec197dfb7f59fa0d8952ef9204f7e9b267
                      • Opcode Fuzzy Hash: 47dd21cd9b7507ea9f9c2fdc3de010173f210914ce43f41c52ec1420f5431c34
                      • Instruction Fuzzy Hash: 5B519572D0022A9BDF10DF99D840AAFBBB4AF54610F09412FEA15BB361DB349905CFA4
                      Function 0146E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: EXT-
                      • API String ID: 0-1948896318
                      • Opcode ID: b7e4ff315fa4f88bf591c980683e2cfcfead56afd3120d5bd1ea7c305429100f
                      • Instruction ID: 4bffd1450a98f384cf91d75ce23282bac419f5480f404bcaa43a2c513848a5d8
                      • Opcode Fuzzy Hash: b7e4ff315fa4f88bf591c980683e2cfcfead56afd3120d5bd1ea7c305429100f
                      • Instruction Fuzzy Hash: 3041C2765183529BD710DB76C840B6BBBECAF98719F44092FF684E7260E638D904C793
                      Function 014CC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: BinaryHash
                      • API String ID: 0-2202222882
                      • Opcode ID: 32985a56a0377ac94a54cce1aa5df83094f506d9f0b67d348018a773d74cfefd
                      • Instruction ID: 34c3c99238303c5a1b997264fbb6e28a978bb7535dff08d2179b1e05639bff70
                      • Opcode Fuzzy Hash: 32985a56a0377ac94a54cce1aa5df83094f506d9f0b67d348018a773d74cfefd
                      • Instruction Fuzzy Hash: 774173B5D0012DABDF61DA51CC84FDFB77CAB54714F0045AEEA08AB150DB709E898FA4
                      Function 014E6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: #
                      • API String ID: 0-1885708031
                      • Opcode ID: 9bde664826d94494ab2f6a666b607b71bdaa209fa1c0a18896bc81e9a5edf8f3
                      • Instruction ID: ad41f4b0b48961b96a06eef193e81461bb2b97f10e40de5787cc8e04118a4b60
                      • Opcode Fuzzy Hash: 9bde664826d94494ab2f6a666b607b71bdaa209fa1c0a18896bc81e9a5edf8f3
                      • Instruction Fuzzy Hash: 00312631E007599BEB32CB69C848BAE7BE8DF25305F16406EE940AB2A2D775D815CB50
                      Function 014CCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: BinaryName
                      • API String ID: 0-215506332
                      • Opcode ID: 4eee6a431330ba8ca4292c3726e469fd55aa3977000eee2a7a16896cb3b6c38d
                      • Instruction ID: a45eb6cf775f4ea44cffc19aadc403b3d66cbd25f6866a7c9fba47df9e66df7e
                      • Opcode Fuzzy Hash: 4eee6a431330ba8ca4292c3726e469fd55aa3977000eee2a7a16896cb3b6c38d
                      • Instruction Fuzzy Hash: E731273A900515AFEB15DB99D885E7FBB74EF80B20F01416EE909A7260E7309E01E7E0
                      Function 014D892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                      Download Yara Rule
                      Strings
                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 014D895E
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                      • API String ID: 0-702105204
                      • Opcode ID: abd33506942a22146ced297c8244212f0cf26ad8bdba36bcddbba2b22bd25915
                      • Instruction ID: f928caa1f69cdf5e6a1688d274ef696fd3053fed01fb9de689d47462d3e2426f
                      • Opcode Fuzzy Hash: abd33506942a22146ced297c8244212f0cf26ad8bdba36bcddbba2b22bd25915
                      • Instruction Fuzzy Hash: 06014C312142029BEF256F56C894A7B7B60EF95258B04005FF6811A532CB306845C792
                      Function 014F2000 Relevance: .8, Instructions: 757COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f6dc7d38ff35ff77ad3cf791bf02b1433b1c774a117c6393e3814871c80084a
                      • Instruction ID: d608008305707780f83e86b934280e52efaae728f4a3bda5054c77ceeb055ceb
                      • Opcode Fuzzy Hash: 6f6dc7d38ff35ff77ad3cf791bf02b1433b1c774a117c6393e3814871c80084a
                      • Instruction Fuzzy Hash: D14290756083419BE725CF69C890E6BBBE5AF98300F48092FFB8697360D7B1D845CB52
                      Function 014E8158 Relevance: .6, Instructions: 617COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 04b34b54726e5e2bbdd23b8ef2d3d8b5bce48f9167572a69866e6869fd605709
                      • Instruction ID: 514f0c4715ba9827c061cf2b0b59fa0cfe85e4d1bb9c7737771173c6528b2bbe
                      • Opcode Fuzzy Hash: 04b34b54726e5e2bbdd23b8ef2d3d8b5bce48f9167572a69866e6869fd605709
                      • Instruction Fuzzy Hash: 17426D75E0021A8FEF25CF69C845BAEBBF5BF48301F14819AE948EB252D7349985CF50
                      Function 01462840 Relevance: .6, Instructions: 605COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d4b527b10ad37317f520886d68d4aeaab02d89bffac575a7d4f9c0597241d1ee
                      • Instruction ID: 8ca665590a8af6ad5226d68f7392db72b5d23e8579e39f9867e5ce1c7853c3b6
                      • Opcode Fuzzy Hash: d4b527b10ad37317f520886d68d4aeaab02d89bffac575a7d4f9c0597241d1ee
                      • Instruction Fuzzy Hash: C132E170A007569BEB25CF69C884BFEBBF2BF84304F15411ED54A9B3A4D775A806CB60
                      Function 014FA118 Relevance: .6, Instructions: 591COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 76e27a7e57a6f7815001396a0297b9886e49d93e6af6f191ce15bdeaa603b982
                      • Instruction ID: d3f31a95dbefd4d2e394e378c813bd7026f7f1ad108e091fe5955a4a4778d513
                      • Opcode Fuzzy Hash: 76e27a7e57a6f7815001396a0297b9886e49d93e6af6f191ce15bdeaa603b982
                      • Instruction Fuzzy Hash: D622AC742046618AEB25CF29C094772BBF1AF44344F28845FDA9E8B3A6D735E452CB61
                      Function 01456A50 Relevance: .5, Instructions: 548COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2f8cea8d011364419a957acff836e5d2654e4482acc0b757f6cd6b5a29d1804e
                      • Instruction ID: be131a704433cd34f362c96b3500b5defda857e6a73251a54e839faaa01c126a
                      • Opcode Fuzzy Hash: 2f8cea8d011364419a957acff836e5d2654e4482acc0b757f6cd6b5a29d1804e
                      • Instruction Fuzzy Hash: 3C32F170A01215CFDB65CF68D490BAEBBF1FF48300F55456AE956AB3A2D734E842CB60
                      Function 01474A35 Relevance: .4, Instructions: 423COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                      • Instruction ID: 04cd4847b02efb97deb683711548987866024a5325888ae9dd680ae194fc2c72
                      • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                      • Instruction Fuzzy Hash: 3DF15F71E0021A9FDB15CF99C980BFEBBF5AF44710F09852AE945AB360E774D842CB60
                      Function 014E892B Relevance: .4, Instructions: 386COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f3b5ab90b1bd26890bcdb195110f45285efa9f7b43efc517ed6890306ace9568
                      • Instruction ID: 0925cb1bd36173e1bc15564a5cb7b90a190f34526aed50836a7e82f2a670c63d
                      • Opcode Fuzzy Hash: f3b5ab90b1bd26890bcdb195110f45285efa9f7b43efc517ed6890306ace9568
                      • Instruction Fuzzy Hash: EBD1F071E0060B8FDF15CF69C845AFFBBF1AF88305F18816AD955A7261E735E9028B60
                      Function 014565D0 Relevance: .4, Instructions: 383COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c15f8ac9123d8962caede6ad9653c3cf757e6283baa04e6065bee02af3999ef
                      • Instruction ID: f1b56ccf50b02f727ef7cd49282a65271b38b7e911f5fd8ddcffd342b810c9cc
                      • Opcode Fuzzy Hash: 7c15f8ac9123d8962caede6ad9653c3cf757e6283baa04e6065bee02af3999ef
                      • Instruction Fuzzy Hash: 23E16C71508342DFC755CF28C090A6BBBF0BF89314F46896EE99987362DB31E905CB92
                      Function 01448397 Relevance: .4, Instructions: 380COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 823c95035a9e69e03810588e132bb6106753f6ef1b286207cadf169f0e07bf4a
                      • Instruction ID: 655b07c2502f42d689aa932a6521437737c0c4bc3fea1cc1e49b58a3801e3313
                      • Opcode Fuzzy Hash: 823c95035a9e69e03810588e132bb6106753f6ef1b286207cadf169f0e07bf4a
                      • Instruction Fuzzy Hash: ABD1F471A006079BEB14DFA9C890ABB77B5FF64304F45822FE916DB2A1E730D951CB50
                      Function 014D8243 Relevance: .3, Instructions: 322COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                      • Instruction ID: d15a9d525a5a46eaaa0c6e607a45dcfaf3d4099b34d1b6c282298a85d79e6db2
                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                      • Instruction Fuzzy Hash: 3DB19274A006069FDF24DF99C960ABFBBB9FF94314F14446EEA02977A4DA34E905CB10
                      Function 01460535 Relevance: .3, Instructions: 300COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                      • Instruction ID: 4af2ce14f86fd4a8590be20218fbd1d6b5ccde18bd360869eab65862e5a1eee5
                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                      • Instruction Fuzzy Hash: C3B12971600646AFDB15DBA8C890BBFBBFABF54204F18015BE6469B3A2D730DD41CB61
                      Function 014583C0 Relevance: .3, Instructions: 281COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13e0a1d0a021c24cf99a834f40761eea9774b2f95cb76093367cceb8e0ebcf99
                      • Instruction ID: 087124c8ef23018efb8cb8073deb0e45d0f419ebc9b0814c120619b0be7e5d31
                      • Opcode Fuzzy Hash: 13e0a1d0a021c24cf99a834f40761eea9774b2f95cb76093367cceb8e0ebcf99
                      • Instruction Fuzzy Hash: 72C16A701083418FD764CF19C494BABBBE4BF98708F44496EE989873A1DB74E909CF62
                      Function 0144C427 Relevance: .3, Instructions: 280COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 143d722cf2a2cabda23fd11d4e74900652d054f38c2ded56c1a6ed9020c0dd8a
                      • Instruction ID: 5a44a045afcdd34d9a424424db74f2b969e6618acd44e6dda31c6344ae555443
                      • Opcode Fuzzy Hash: 143d722cf2a2cabda23fd11d4e74900652d054f38c2ded56c1a6ed9020c0dd8a
                      • Instruction Fuzzy Hash: 1FB17470A002668BEB34DF59C880BAEB7B5EF54704F5485EAD50AD7361DB309D86CB60
                      Function 0147E5E7 Relevance: .3, Instructions: 278COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ce6512a2a83bcba651eb13f6861f2bb9300526c4a2c149a66dcaecd03a4c921b
                      • Instruction ID: 1aeecfcecd500a64a6e76585a54e3163e74f3500e5995b8818a9e4b197d07e2f
                      • Opcode Fuzzy Hash: ce6512a2a83bcba651eb13f6861f2bb9300526c4a2c149a66dcaecd03a4c921b
                      • Instruction Fuzzy Hash: 40A11331E00655AFEB21DB98CC84BEEBBB4BB04714F050267EA14BB2B1D7749D45CBA1
                      Function 01490185 Relevance: .3, Instructions: 276COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a50c340f46a9e5446b9fa44757e373b4cc3951dc716118a11c2c60f7b26c75f1
                      • Instruction ID: d66b35174ff5d80c54e27373f203455c7f441127d0d98723c42d45270451547b
                      • Opcode Fuzzy Hash: a50c340f46a9e5446b9fa44757e373b4cc3951dc716118a11c2c60f7b26c75f1
                      • Instruction Fuzzy Hash: 4EA1C074B01616ABDF25CF69C590BAABBB9FF54718F04403EEA05973A1DB34E812CB50
                      Function 01524500 Relevance: .3, Instructions: 275COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 33afe935ce43bfe58f8f3c8cfe3c5e9a82da3089f17d695c4e77fddae4524a37
                      • Instruction ID: ad87cd4f9ca6e671ceaf5ea739a9e8812c75b3a797755740d0073d7240334b1b
                      • Opcode Fuzzy Hash: 33afe935ce43bfe58f8f3c8cfe3c5e9a82da3089f17d695c4e77fddae4524a37
                      • Instruction Fuzzy Hash: 18A1C072610661EFC721DF18C980B2ABBE9FF5A708F05052DE5559F6A1C374ED01CB91
                      Function 01522B57 Relevance: .3, Instructions: 266COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                      • Instruction ID: de5555f3d870fb4443b9bc02e69458b6a6f79a71bed68af81310f63a49aee537
                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                      • Instruction Fuzzy Hash: 56B12B76E0062ADFDF19CFA9C880AADB7F5FF49310F148169E915AB394D730A941CB90
                      Function 014D60E0 Relevance: .3, Instructions: 264COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 969f4528018f76972b4e16a071581356b902eb4a7f90c76b9a2bc5ab8baa619d
                      • Instruction ID: 36b6aac52614e973f8d724d0015c67c5b53133b76242d9becbb1fa3f9e54b6b9
                      • Opcode Fuzzy Hash: 969f4528018f76972b4e16a071581356b902eb4a7f90c76b9a2bc5ab8baa619d
                      • Instruction Fuzzy Hash: 7F91B271D00216AFDF15DFA9D8A4BBEBBB5AF48710F16416BE610AB361D734D9008BA0
                      Function 0146E3F0 Relevance: .3, Instructions: 261COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 248d663ee3dd3c0b933a6a337a3eab1a71dd7dbd9da4a0726850ca01251e06e6
                      • Instruction ID: 79fbd608ee968fb61156fdb0f5a0119d67b4630672920a58c24ff8b86aaf7629
                      • Opcode Fuzzy Hash: 248d663ee3dd3c0b933a6a337a3eab1a71dd7dbd9da4a0726850ca01251e06e6
                      • Instruction Fuzzy Hash: 5C912779A00612DBDB24DB69C480BBE7BE9EF5471CF05406BEE05AB360E734D902C762
                      Function 014A6ACC Relevance: .2, Instructions: 226COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b719ae5a173c3cccba0f4e6a745c82c52025b20407fcc4087ccbcf72281bce00
                      • Instruction ID: a315b73d800108b6bb2f1c829d6495028613fb6ef210eb4d49670ceffc8eed70
                      • Opcode Fuzzy Hash: b719ae5a173c3cccba0f4e6a745c82c52025b20407fcc4087ccbcf72281bce00
                      • Instruction Fuzzy Hash: FB81A1B1A006269BDB24CF69C940ABFBBF9FB58700F4A852FE445D7650E334D941CBA4
                      Function 0151AB40 Relevance: .2, Instructions: 222COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                      • Instruction ID: 22a82c2db7e5cf627597cdbeedf2717501e22a0307843014fb57a4b715cffc30
                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                      • Instruction Fuzzy Hash: A781A235A016869FEF1ACF99C480AAEBBF2FF94314F148569E9169F349D734D901CB40
                      Function 0148E284 Relevance: .2, Instructions: 212COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8e98eed126a0541df8fba7c249c17a6129e317176f6a19432f1f41bc4d92d478
                      • Instruction ID: 9206e5fc686b995e6916dc5f2c313507c6ba7c58cb3f21b25533783abcc11ef9
                      • Opcode Fuzzy Hash: 8e98eed126a0541df8fba7c249c17a6129e317176f6a19432f1f41bc4d92d478
                      • Instruction Fuzzy Hash: 9B816D71A00609AFDB25DFA9C880AEEBBF9FF88754F10442EE555A7260D730AC45CB60
                      Function 0146C640 Relevance: .2, Instructions: 206COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78f837dc68c33e77431cafe463ee61547ec6d4a9c47085d8b235e7e91b637078
                      • Instruction ID: 8a4e8ac493de94251ba3c1dc239bea1a3ebc7155ed5ac827ecef481322960c3a
                      • Opcode Fuzzy Hash: 78f837dc68c33e77431cafe463ee61547ec6d4a9c47085d8b235e7e91b637078
                      • Instruction Fuzzy Hash: 6A71CE79C00626DBCB258F59C8907FEBBB8FF58714F14411BE992AB360D7749806CBA0
                      Function 015047A0 Relevance: .2, Instructions: 202COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bead2eb2f1a2387287ac681902c518e6c133097603812d5bfadb4c3f98b6e0ba
                      • Instruction ID: 1f3b681b3f69b77279e1482865a3fc92d03120c0fe96ee2e206745a31fa94883
                      • Opcode Fuzzy Hash: bead2eb2f1a2387287ac681902c518e6c133097603812d5bfadb4c3f98b6e0ba
                      • Instruction Fuzzy Hash: A871BFB4900205EFDB21CF99C944A9EBBF9FF91714B01456AE720AF298C7B18984DB54
                      Function 014D035C Relevance: .2, Instructions: 198COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                      • Instruction ID: 60c30a445e4606a5b911728ab52c535f511ebe27758d005a71a58e37a39436d0
                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                      • Instruction Fuzzy Hash: 4B716F71A00619AFDF11DFAAC954EDEBBB8FF58704F10456AE905A7260DB34EA01CB50
                      Function 014E62A0 Relevance: .2, Instructions: 198COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e3df3ad5e9639ab1bb898d0fb3c02a35ecdc71c85d5b795b002058240d88fd55
                      • Instruction ID: 212a82dc2ffd0c64e6cb59bb6e5178588e748292e3df9800f6efbc1109980ee1
                      • Opcode Fuzzy Hash: e3df3ad5e9639ab1bb898d0fb3c02a35ecdc71c85d5b795b002058240d88fd55
                      • Instruction Fuzzy Hash: 63710432200701AFEB32DF19C848F5ABBE6EF60765F16492EE2558B2B0D771E944CB50
                      Function 01528324 Relevance: .2, Instructions: 192COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 38f78ccb68da1a851789b43bc456e1c90346729547d20fbac3c6cc19eb8ee587
                      • Instruction ID: 6a36840ff97f19739efa9b7ea4a6ae1f9ee4cfe65eb454a32eb378cd14cfa7e6
                      • Opcode Fuzzy Hash: 38f78ccb68da1a851789b43bc456e1c90346729547d20fbac3c6cc19eb8ee587
                      • Instruction Fuzzy Hash: F571F872E0021ABFDF15DF95CC41FEEBBB8FB15354F10452AE614AA290D774AA05CBA0
                      Function 0150A250 Relevance: .2, Instructions: 184COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9ee375634621b5cea5bf3bb69ad81d0efd69d090a4e1be2d3e87e044cbc973b
                      • Instruction ID: 8e714c04083f9a38fb908832fe2676d9e6cff388e5efe4f876ecbc8948588af8
                      • Opcode Fuzzy Hash: e9ee375634621b5cea5bf3bb69ad81d0efd69d090a4e1be2d3e87e044cbc973b
                      • Instruction Fuzzy Hash: 7451BE72504712AFD722DEA8C844E5BBBE8FBD4754F024929BA40DF190E674ED05C7A2
                      Function 014F8350 Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ebef1c2b40e2a7d8a2ddfaa187fa208e9aa72f0876c54833d66724a81c64ab55
                      • Instruction ID: c5872f8d429ba8cb09ee9ed42f6cd4dce7f93b0080d62846a58d79b2fc64e5c7
                      • Opcode Fuzzy Hash: ebef1c2b40e2a7d8a2ddfaa187fa208e9aa72f0876c54833d66724a81c64ab55
                      • Instruction Fuzzy Hash: D6518D70900706ABDB21DF5AC884A6BFBF8BFA4710F10462FD2569B7B1D7B0A545CB50
                      Function 0148E443 Relevance: .2, Instructions: 158COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 97898ae06e50aa5f63b24656b99fd6ad0a7394d19f0fb72471a87ba4a722f342
                      • Instruction ID: 2c1f5c26a3ac900cc4d309872e0b243fb6b1bd46202c732d790643dd43d7153c
                      • Opcode Fuzzy Hash: 97898ae06e50aa5f63b24656b99fd6ad0a7394d19f0fb72471a87ba4a722f342
                      • Instruction Fuzzy Hash: 20516C72200A45EFDB22EFA9C980E6AB7BDFB54B44F40042EE55597270DB34E941CB51
                      Function 014F4180 Relevance: .2, Instructions: 156COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a191a5a20fdc11573dd28fc46a5b2d095301289eac202d2dcf6eb92024c94b2f
                      • Instruction ID: b9a87a77f800feec474a70f5a2d5873b51c81773e2a271b9bde8a5c8f8199867
                      • Opcode Fuzzy Hash: a191a5a20fdc11573dd28fc46a5b2d095301289eac202d2dcf6eb92024c94b2f
                      • Instruction Fuzzy Hash: E05148716083428FD754DF6AC880A6BBBE5FBD8218F48492EF689C7360DB30D905CB52
                      Function 014745B1 Relevance: .2, Instructions: 156COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                      • Instruction ID: cad5623a3eaf799260d8ccae2a7f792d1f203f52e7eccd3984cfb4bc4c0127b3
                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                      • Instruction Fuzzy Hash: 2E516C71E0021AABDF15DF98C480BFEBBB9AF45754F08406AEA05AB360D734DD45CBA4
                      Function 014DE9E0 Relevance: .2, Instructions: 154COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                      • Instruction ID: e8cbef818d135d0dadbbfcddfa664106d315c4158bb1f165fe9413830a3b44bb
                      • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                      • Instruction Fuzzy Hash: 1151A731D0020AEFDF11DA95C8A4FAFBB75AB10324F15465BDA117B2B1D770AE41CBA0
                      Function 01518B28 Relevance: .2, Instructions: 152COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c9753e8a51ff1c0fc9b96b26ba32eb16bbc0c98be3c8cca39c8c82d3628d7d59
                      • Instruction ID: 2d270b0ba7f21c4fd7432c0172d2264ae3a8d5f3c28e69e3b6087e5c534f0b7b
                      • Opcode Fuzzy Hash: c9753e8a51ff1c0fc9b96b26ba32eb16bbc0c98be3c8cca39c8c82d3628d7d59
                      • Instruction Fuzzy Hash: 2A41D1707016029BF73BDB2DC894B7FBB9AFF91264F088619E9558F288DB34D841C691
                      Function 014DCBF0 Relevance: .1, Instructions: 148COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5c933f37ce1aa9e6dc6e3608848ad6c0796096ab65dfa0b19c46596208c8cf38
                      • Instruction ID: 95306c62435d58a1105b27339f561a99698b486def4581c8da2c131c6792fae3
                      • Opcode Fuzzy Hash: 5c933f37ce1aa9e6dc6e3608848ad6c0796096ab65dfa0b19c46596208c8cf38
                      • Instruction Fuzzy Hash: C551AE75A00216DFCF20DFA9C9D0AAFBBB9FB59618B11451ED616A7311D730A902CB90
                      Function 0148A430 Relevance: .1, Instructions: 139COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 644277f88b729d3f179001d683d396f9b96869aa99cb279fee6182652cf0adf3
                      • Instruction ID: 0d5ede474349e956c52a839085dce179f465ff391944437a196c7e56b9fb8ae3
                      • Opcode Fuzzy Hash: 644277f88b729d3f179001d683d396f9b96869aa99cb279fee6182652cf0adf3
                      • Instruction Fuzzy Hash: E44115797042029BDF25FF6DA882B6F3764EB29B0CF02002FE9169F361D7B198159760
                      Function 0151A9D3 Relevance: .1, Instructions: 139COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                      • Instruction ID: 459ec57f73997a49f01e8dff4f71b87df3a846d9dfaa1ce1a24d97ae25c1af6c
                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                      • Instruction Fuzzy Hash: 7741F9326017569FE727CF68C980A6AB7E9FF90214F04462EE9128F644EB70EC14C7D0
                      Function 014801F8 Relevance: .1, Instructions: 138COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a023bd091b913c7b8b00937aebf868aba8f8ae9cb990a11558f586fb83a4dcf
                      • Instruction ID: 099624b2096d808bc69317fa2ec8c4c2c8b54de98112ebd25e8c3b0fb7cae631
                      • Opcode Fuzzy Hash: 6a023bd091b913c7b8b00937aebf868aba8f8ae9cb990a11558f586fb83a4dcf
                      • Instruction Fuzzy Hash: A641C936D20219DBDB10EF98C440AEEBBB4BF58600F14826FF805A7360D7709C4ACBA4
                      Function 0147EBFC Relevance: .1, Instructions: 138COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be3397f51ba621254f550a840304034935f38dcfa5dfc89fb3c49efd3688974c
                      • Instruction ID: 6cbcc109c40a43952c8270dfcb1582a5a1551e5063d939717ce8decc1b9207d7
                      • Opcode Fuzzy Hash: be3397f51ba621254f550a840304034935f38dcfa5dfc89fb3c49efd3688974c
                      • Instruction Fuzzy Hash: 1041E5752003029FDB20DF29C884AA7B7E9FF98218F014A6FE557D7721DB71E84A8B51
                      Function 01492750 Relevance: .1, Instructions: 137COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                      • Instruction ID: b63203387848aa1969ce7748b7f463a3ce89adf4be65fc232c0ddc94f84fac44
                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                      • Instruction Fuzzy Hash: 0D515F79E00119CFDB55CF58C580AAEF7B1FF84B10F2481AAD915A7361E770AD42CB90
                      Function 01456154 Relevance: .1, Instructions: 133COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4c81f28f4cf2022d7f22054051be04d87bcde8a076f66647b3b41ed307654977
                      • Instruction ID: 8ac1e023db2ac04f5345a7e123941370078b0122a25b33c9eca47eb96ff28eb8
                      • Opcode Fuzzy Hash: 4c81f28f4cf2022d7f22054051be04d87bcde8a076f66647b3b41ed307654977
                      • Instruction Fuzzy Hash: AE51E870900216DBDB65DB28CC44BEA77B5FF21318F1542ABE915973E2D7745981CF40
                      Function 01450BCD Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ad28d33500017c06e37ff02821c7f9a5f97f859948c8c38b7dc88a4be976d62
                      • Instruction ID: e6c94fb1d41ef384980124015a71dfb53aefb7c247a625d10e1729d59b9cf14a
                      • Opcode Fuzzy Hash: 5ad28d33500017c06e37ff02821c7f9a5f97f859948c8c38b7dc88a4be976d62
                      • Instruction Fuzzy Hash: F741B535A002299FDF61DF69C940BEE77B8AF65740F4100ABE908AB361D774DE81CB91
                      Function 0151866E Relevance: .1, Instructions: 129COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                      • Instruction ID: fd1764fb6c37de47fd469eb1eae223e4363a40b1ec64b197334650de6ca20b97
                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                      • Instruction Fuzzy Hash: 5E41B775B00106ABFB26DF99CC84AAFBBBABF94710F244469E9049B355D770DD01C760
                      Function 01450887 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 470c762378bea0b194fd0d2a46541f328d7c120f5adc5146780523b556efdbb6
                      • Instruction ID: c18ea0e48222b8d2c8742add65212d3c1806c4af88281859d29fcdd78524f9d9
                      • Opcode Fuzzy Hash: 470c762378bea0b194fd0d2a46541f328d7c120f5adc5146780523b556efdbb6
                      • Instruction Fuzzy Hash: 6941F2B52007029FE325CF29C580A22B7F8FF59304B144A6FE95787B62E730E846CB80
                      Function 0147A470 Relevance: .1, Instructions: 127COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43b67dcec29b02be9f1d3a9c3a3db9958fe15a2430ad04d5f02e31c80c981c35
                      • Instruction ID: 0b890a691b03851acad1b42889373ca9e5e03ed2a0cd5d5154aaeb61fd390402
                      • Opcode Fuzzy Hash: 43b67dcec29b02be9f1d3a9c3a3db9958fe15a2430ad04d5f02e31c80c981c35
                      • Instruction Fuzzy Hash: 6041E432941205DFDB21CF68C4847EE7BB4FB68318F29016BD421BB3A5DB359905DBA4
                      Function 01458BF0 Relevance: .1, Instructions: 124COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ace8a9c42f7a8e57b03ce60e62f599ae284ab5e30833465ade28299fb785fc2
                      • Instruction ID: 40d78a74ee9aedf2c0cc781ebbc7bdb873eead2d11b440142f7fb6829590ca64
                      • Opcode Fuzzy Hash: 3ace8a9c42f7a8e57b03ce60e62f599ae284ab5e30833465ade28299fb785fc2
                      • Instruction Fuzzy Hash: A3413835901203DBD725DF5AC880B5ABBB5FBA4308F15802FD9215F366DB75D802CB90
                      Function 01448918 Relevance: .1, Instructions: 123COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9900f5a19d569c114d5468ae59ba847510bba3a5b0a3040c66cea430aed19428
                      • Instruction ID: 11398c5d1cf3c9cb51c1a7480ba82187e53d01ea8f8bac03bb0de64629ad6201
                      • Opcode Fuzzy Hash: 9900f5a19d569c114d5468ae59ba847510bba3a5b0a3040c66cea430aed19428
                      • Instruction Fuzzy Hash: DE418C355087469FE312DFA9C840A6BBAE8EF94B54F41092FF984D7260E770DE058B93
                      Function 0144A020 Relevance: .1, Instructions: 122COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                      • Instruction ID: 464a07a72ca99c6d10b34473386efa2813c43083d0b1eb368ab853be4d41a1a0
                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                      • Instruction Fuzzy Hash: A9413B71A00211DFFB15DE1984507BBBB65EB70754F6A806BFA46CB360D6328D81CB90
                      Function 014509AD Relevance: .1, Instructions: 122COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a23050b83ff1bbddca3436d64407c928cbd7a7308e3d8d806eafe37b9967357
                      • Instruction ID: 53e4b01f2c1a82577d91fa7780e5fc51481a6402c81312aed832cab67017026e
                      • Opcode Fuzzy Hash: 6a23050b83ff1bbddca3436d64407c928cbd7a7308e3d8d806eafe37b9967357
                      • Instruction Fuzzy Hash: 70414875600601EFD761CF19C840B26BBF4FF64314F648A6BE8598B362E771E942CB91
                      Function 01480710 Relevance: .1, Instructions: 121COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                      • Instruction ID: c573c017b5b0986dd5fa7a0031550abce55315af6cba9c2e08c5da0d2f5b9c83
                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                      • Instruction Fuzzy Hash: 48411971A10605EFDB24EF99C990AAEBBF4FF18700B10496EE556D7660D330EA49CF90
                      Function 0145262C Relevance: .1, Instructions: 119COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f186c33d978fe892d00109ac271ffac584f4991144d85ddd470fbd2edcb542ce
                      • Instruction ID: 9f6317fce8043191a63855c82098f56f89009a3009aff78dd243a3189ef6b048
                      • Opcode Fuzzy Hash: f186c33d978fe892d00109ac271ffac584f4991144d85ddd470fbd2edcb542ce
                      • Instruction Fuzzy Hash: BA419AB1501701CFCB61EF29C940B6AB7F1FB65324F1582AFC91A9B2B2DBB09941CB51
                      Function 0148C8F9 Relevance: .1, Instructions: 116COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c91194a3bbead27b971a9a3f4aadbca3d48ee383b8aec90f00ff25a7c692adba
                      • Instruction ID: b6e13083eb5b15e111e770996ef949fc262e66665ec59d8ebba8f2bf4c5680b0
                      • Opcode Fuzzy Hash: c91194a3bbead27b971a9a3f4aadbca3d48ee383b8aec90f00ff25a7c692adba
                      • Instruction Fuzzy Hash: BF317AB2A00355DFDB51DF58C44079ABBF0FB59728F2181AED519EB361D3329902CB94
                      Function 014D07C3 Relevance: .1, Instructions: 114COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1bf8b4d14d0c9536aa82a5e00ce6ba985543bb448e46e8ca49c31030c552e9ac
                      • Instruction ID: d2baa1b5b8e6ab93489222a3ae1819e96486e293eb0ca5d7aca4ac2496a03a53
                      • Opcode Fuzzy Hash: 1bf8b4d14d0c9536aa82a5e00ce6ba985543bb448e46e8ca49c31030c552e9ac
                      • Instruction Fuzzy Hash: 38418CB25043419FD720DF29C845B9BBBE8FF98614F004A2EF59897261D7709905CB92
                      Function 014480A0 Relevance: .1, Instructions: 111COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 386903a5cadc7f2c6f8a9078e537378c282e42dc54b3461c15026d53bbb6af8d
                      • Instruction ID: 3464f233f905c965291d565bd47eec02f8b4a5024916a7c96967555da0e6f16d
                      • Opcode Fuzzy Hash: 386903a5cadc7f2c6f8a9078e537378c282e42dc54b3461c15026d53bbb6af8d
                      • Instruction Fuzzy Hash: 0841D271E05617AFEB11DF99C880AA9B7B1FF64764F14822BD815A73A0DB30ED418BD0
                      Function 014D05A7 Relevance: .1, Instructions: 111COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2113b173afd6376c7e9188714e69b83f3f4a2f06ce26cbbd7695929c378497fc
                      • Instruction ID: b66135a932ab9677e008af032596079716b0379191f279795e4d9d9955466d19
                      • Opcode Fuzzy Hash: 2113b173afd6376c7e9188714e69b83f3f4a2f06ce26cbbd7695929c378497fc
                      • Instruction Fuzzy Hash: D741E3726046429FC720DF69C860A6BB7E9FFD8700F14061EF958877A0E730E915C7A6
                      Function 01454859 Relevance: .1, Instructions: 111COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c606c4ed9f32ad78d6f865dc0495c05108f3bebe1768f77c9fa517e8b0927e5e
                      • Instruction ID: 91f5269d8a99d5a6e68fd858119dc0cf1a399b36971890213f70ae12ac2f1859
                      • Opcode Fuzzy Hash: c606c4ed9f32ad78d6f865dc0495c05108f3bebe1768f77c9fa517e8b0927e5e
                      • Instruction Fuzzy Hash: F641B0702003028BD765DF29D885B2BBBF9EF91354F18442EEA558F2B2EB70D885CB51
                      Function 01448B50 Relevance: .1, Instructions: 111COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca0b44c2ecb7ed2ca4f353d1c2d7aea8d0c84a2f4b04bf2c4e4d1d498fc10d95
                      • Instruction ID: 2aa66028d7fe1de8c06ddfb6c3911bd62734ee3f95366c6cf67cd001a3afb576
                      • Opcode Fuzzy Hash: ca0b44c2ecb7ed2ca4f353d1c2d7aea8d0c84a2f4b04bf2c4e4d1d498fc10d95
                      • Instruction Fuzzy Hash: 5341B0B1A01606CFDB15CFA9C98099DBBF1FF98320B24862FD566A7371D7349941CB40
                      Function 014602E1 Relevance: .1, Instructions: 106COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                      • Instruction ID: 06e9658d10480bb75712843641822d6b37a336bba626139b725fb1caf866bdfc
                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                      • Instruction Fuzzy Hash: 55312731A00244AFDB228B69CC80BDFBFE8AF14354F0441ABF856D7362C2749985CBA5
                      Function 014FE3DB Relevance: .1, Instructions: 105COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a947ec65efdd3503415fb5b282ace2cd44c4370d72c10b7e6adf821fde78ed13
                      • Instruction ID: ab3f0a1c5489be5b103dc0ff13537d7bc5ece3edc16ae7011a7c8ddec1008682
                      • Opcode Fuzzy Hash: a947ec65efdd3503415fb5b282ace2cd44c4370d72c10b7e6adf821fde78ed13
                      • Instruction Fuzzy Hash: 7D31A835740756ABD7229F668D41FAB76A8AB58B54F01003EF700BB3B1DAB4DC01C7A0
                      Function 01504B4B Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dc1c8661c78eb9db293b0d03214e1cc3a694ff4230ec76359f012eba5350be66
                      • Instruction ID: 2c5f6c59bdaf88f2231cff19ce7bd9a1905c2932d17e1cedb8d7f76904bb495a
                      • Opcode Fuzzy Hash: dc1c8661c78eb9db293b0d03214e1cc3a694ff4230ec76359f012eba5350be66
                      • Instruction Fuzzy Hash: 8431C1322056018FC732DF59D890F2AB7F5FB81364F0A446EEA958F295D730E804DB91
                      Function 01454260 Relevance: .1, Instructions: 102COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ab329dad92434b0ca76507e838ed39c8823b617e87b99ce04a7aef53b99fd17
                      • Instruction ID: 1b66c21da9083048223dd65be47434677f8290ad68087489445dd79fdff9ac87
                      • Opcode Fuzzy Hash: 7ab329dad92434b0ca76507e838ed39c8823b617e87b99ce04a7aef53b99fd17
                      • Instruction Fuzzy Hash: CF41BC71200B459FD766CF28C880FD77BE8AB59754F04842EEA5A8B371D774E848CB60
                      Function 01504BB0 Relevance: .1, Instructions: 101COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b8c0a8e82361e9b120c94781129b023ac6f961a730a88b842726943d33e072b8
                      • Instruction ID: a24d085fc70240021a030d5a22e99cb19fc8501260421a896e8a94ded2a415f4
                      • Opcode Fuzzy Hash: b8c0a8e82361e9b120c94781129b023ac6f961a730a88b842726943d33e072b8
                      • Instruction Fuzzy Hash: BE319A716043019FD721DF69C880E2AB7E5FB84724F1A496DEAA59F291E730EC04CB92
                      Function 014CEB1D Relevance: .1, Instructions: 100COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b9cde40426b0722f0c9620b7cf98299503fc616c61b7e2e3e2390bedb54755a0
                      • Instruction ID: 6608035d2eea0ab74d5e7f4702500ef9d54cd056f01b95f8af2e3b1c8e779794
                      • Opcode Fuzzy Hash: b9cde40426b0722f0c9620b7cf98299503fc616c61b7e2e3e2390bedb54755a0
                      • Instruction Fuzzy Hash: 7E31B8352016C29BF322D75DC958B267FD8BB50F84F1D00AAAB45AB7F1E738D841C221
                      Function 015161C3 Relevance: .1, Instructions: 97COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f65ea4aa67a2c01f2392b57634c8ebec9473b92a4db0ab7aa89b136a1bed2768
                      • Instruction ID: 523dffc859cc635ba46f10cfe90636ba5a23fdcdc29f29a8131a4cff30bb7b6c
                      • Opcode Fuzzy Hash: f65ea4aa67a2c01f2392b57634c8ebec9473b92a4db0ab7aa89b136a1bed2768
                      • Instruction Fuzzy Hash: 1331E475A0015AABEB16DF98CC40BAEB7B9FB44744F454169E910AF258D7B0ED01CBA0
                      Function 014F483A Relevance: .1, Instructions: 96COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 51781fe9c0ebb3f7de6e8c45adc0437c27c289e6c65cab44b6737fe66a193c3f
                      • Instruction ID: a5b638e4cc2ab53273eb6f645f2537ca3f92c2943c2d176f514f4f84cb352e7c
                      • Opcode Fuzzy Hash: 51781fe9c0ebb3f7de6e8c45adc0437c27c289e6c65cab44b6737fe66a193c3f
                      • Instruction Fuzzy Hash: A3315476A4012DABCF21DF65DC44FDF7BB9AB98350F1400AAA608A7360CA309E518F90
                      Function 0147EB20 Relevance: .1, Instructions: 96COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42514afe124a8524a41c9702c443230cfd7e64d809e1622cbfbdacc377f017b6
                      • Instruction ID: 8022970665540766db2b7956b53d5e4bb89abdbcf8d1f41f7cd2ad0af4156024
                      • Opcode Fuzzy Hash: 42514afe124a8524a41c9702c443230cfd7e64d809e1622cbfbdacc377f017b6
                      • Instruction Fuzzy Hash: 5C31B572E00215AFDB21DFA9CC40BEFBBB8EF14750F01456BE916E7260D6709E019BA0
                      Function 015160B8 Relevance: .1, Instructions: 95COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 66278cf2a5e796d2207d073c784c835c29f0163eb8c8c449bdf1a9128cb975f2
                      • Instruction ID: afa98ff513e55ec3146c945faf85740b7635524105b128584c39bb61d7fffb55
                      • Opcode Fuzzy Hash: 66278cf2a5e796d2207d073c784c835c29f0163eb8c8c449bdf1a9128cb975f2
                      • Instruction Fuzzy Hash: 3731F436A80212AFEB239FA9C850B6EB7F9BF54758F00006EE505DF355DAB0DC008B90
                      Function 014507AF Relevance: .1, Instructions: 95COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c776e0b456ddda933a54db0c3fb6bee1d5a0be90746b84e465526868f4e552c0
                      • Instruction ID: c075389e9e7c9b597e935aa23b42e41aa10ce47beb153488d0b803472d380a14
                      • Opcode Fuzzy Hash: c776e0b456ddda933a54db0c3fb6bee1d5a0be90746b84e465526868f4e552c0
                      • Instruction Fuzzy Hash: 4431C576A04612EBC762DE298880E6BBBA5AFA4750F05452FFD55A7332DA30DC0187E1
                      Function 01458550 Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 360b6bb7d47d7575417fa6ec03bdabdba1af3cf35b88fbf4c9d85f6f08d88033
                      • Instruction ID: 62d633ff72d61cbb79a3f9027f17a1bdd694e36f55c86cfa6c9a9e2802f5e3f2
                      • Opcode Fuzzy Hash: 360b6bb7d47d7575417fa6ec03bdabdba1af3cf35b88fbf4c9d85f6f08d88033
                      • Instruction Fuzzy Hash: 1D3183B16093028FE760CF19C840B57BBE5FB98714F15496EFA8597361D770E844CBA1
                      Function 0148A6C7 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                      • Instruction ID: 1c5061e4222dfea47a6a7f4e281542feecf84c30259a1dc90cfaa2d43ef65a1e
                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                      • Instruction Fuzzy Hash: 25312FB2B01B01AFD761EF6DCD40B57BBF8BB18A50F14452EA55AC3760E670E900DB64
                      Function 014FEBD0 Relevance: .1, Instructions: 91COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e3c7741338fdfdf309571333018bccf66d8982200fa915d39335b1202e05a80c
                      • Instruction ID: 020e5f7c48aed817c63cffb6192c00e495756794a0485aa6cf8d1b1835c3dd29
                      • Opcode Fuzzy Hash: e3c7741338fdfdf309571333018bccf66d8982200fa915d39335b1202e05a80c
                      • Instruction Fuzzy Hash: E131B8B15053819FCB20DF1AC540A1ABBF5FF89209F0649AEF588AB331D330DA44CB82
                      Function 0147438F Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a9ddf1eceed46d56543050d824304843929d9024953dc1490a193c21f823e968
                      • Instruction ID: 23ba77ef0ceaad3ee2dfdbeebeccda72a1b02509b39061f2d3b24695ebb2de09
                      • Opcode Fuzzy Hash: a9ddf1eceed46d56543050d824304843929d9024953dc1490a193c21f823e968
                      • Instruction Fuzzy Hash: 8231AF32B002059FD720DFA9C980ABABBF9FB94304F04852BD146D7664D730D945DB91
                      Function 0144CB7E Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                      • Instruction ID: 9612fab4d6ae5bb22f609e0c27be780a1bbc040231ae25352014e2a619f9a4ad
                      • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                      • Instruction Fuzzy Hash: 93210932E0125AABE7109FB98841BBFBBB5AF24740F1A80379E15E7350E270C901C794
                      Function 0144C156 Relevance: .1, Instructions: 88COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9616108a6b248ddafb54bc14e063e3734d8e1f356ac627cc6fcef9ed2073260f
                      • Instruction ID: edbea99c0141f9aea78e59250b935b027658a0e3fd44c27b329157f7e84b1ee3
                      • Opcode Fuzzy Hash: 9616108a6b248ddafb54bc14e063e3734d8e1f356ac627cc6fcef9ed2073260f
                      • Instruction Fuzzy Hash: 9431ABB59002018BDB34AF18CC40B797B74BF61308F8581AFDC4A8F3A2DA34D882CB90
                      Function 0150C3CD Relevance: .1, Instructions: 88COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                      • Instruction ID: 57e573cf3d74192c365a5608bc9d362faa5bcae665fe6e594ca24fc44b9790ae
                      • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                      • Instruction Fuzzy Hash: 33214B36600653A7CB16ABD58800BBBBBB4FF91711F00815FFA958F6E2E635D940C360
                      Function 0144E420 Relevance: .1, Instructions: 88COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c868859bfd1d0d157b0451146ca61011b863973117297d750e72e40c64173a33
                      • Instruction ID: de8390211f173249283e1d266d3c0156db8dbfb306941ddbe432851274c85cd2
                      • Opcode Fuzzy Hash: c868859bfd1d0d157b0451146ca61011b863973117297d750e72e40c64173a33
                      • Instruction Fuzzy Hash: 9131E832A0051C9BEB31DF19CC41FEEB7B9FB25754F0101A6E645B72A0D6789E818F91
                      Function 01484588 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                      • Instruction ID: 41411484ba1b56cc58b1f4c574d5867b5e50fdf63861d55fba63bea1f5685c05
                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                      • Instruction Fuzzy Hash: 2521B431A00706EBCB10DF59C980A8EBBB5FF58318F15806AEE19AF250D674DA01CB50
                      Function 014844B0 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a08ab1fcda78188b98e59d1b02c181b60afe40f2c33fa24ce8762c534cf7c19f
                      • Instruction ID: 9e9929722142a2f488d28018c83c55be97eed35cc2b2412d64374dc67d33f6ec
                      • Opcode Fuzzy Hash: a08ab1fcda78188b98e59d1b02c181b60afe40f2c33fa24ce8762c534cf7c19f
                      • Instruction Fuzzy Hash: 5621BF726047469BCB22EF59C880B6F77E4FB88760F09451EFA589B651D730E9018BA2
                      Function 0144E388 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                      • Instruction ID: 6a4b3403519c98e0eb569e916a8f7753bcf598ee3f58abd70aebb564e4721bd0
                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                      • Instruction Fuzzy Hash: 0731AB31600605AFE721CFA8C884F6AB7B9FF84354F1045AAE5029B6A1E734EE02CB50
                      Function 014CE609 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d0619399e3754d49284e35246c6c5b94e1b7d56a7de94bbcafd4ee2354567ecc
                      • Instruction ID: 19422fdbb314b6832f33c6d3427efd957f2a992be19d03f2690a44687849deb7
                      • Opcode Fuzzy Hash: d0619399e3754d49284e35246c6c5b94e1b7d56a7de94bbcafd4ee2354567ecc
                      • Instruction Fuzzy Hash: 7F318D79710245DFCB54CF1CC884AAEBBB5FF84704B55445EE809AB3A1E731EA41CB90
                      Function 014D06F1 Relevance: .1, Instructions: 79COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1cb2d62b023339d253cc7ee8781d48987e3c9f231e141ff0ae35bddb65906e4
                      • Instruction ID: e9ab967061752f7ead40d7c82e4e9ad01d2d58088afaf6c11dea3c3ab186a262
                      • Opcode Fuzzy Hash: c1cb2d62b023339d253cc7ee8781d48987e3c9f231e141ff0ae35bddb65906e4
                      • Instruction Fuzzy Hash: 5E219175A001299BCF20DF59C881ABEB7F8FF58744F55006AF541EB260D738AD42CBA1
                      Function 014D019F Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a5be09210545e6d8a1651c4f9168eb521ad602ea90587c1621e1e0bff17f357
                      • Instruction ID: a8cfaf55ff8ca107bc0d3e60fa63e6bed2bfecd874a7e8e024d9bb718eaf239f
                      • Opcode Fuzzy Hash: 9a5be09210545e6d8a1651c4f9168eb521ad602ea90587c1621e1e0bff17f357
                      • Instruction Fuzzy Hash: 2821BC71600645AFDB15DF6DC850F6AB7A8FFA8744F14006AF904DB7A0D634ED00CBA8
                      Function 014D0283 Relevance: .1, Instructions: 74COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 74ed42f69b55144913d5e2c9ba59d01fb00e9fb62f158fce9eb6b2de066817e9
                      • Instruction ID: 118b2225e88e585bc3e29405588fddff51d0389e955accbb3588a56f5b680966
                      • Opcode Fuzzy Hash: 74ed42f69b55144913d5e2c9ba59d01fb00e9fb62f158fce9eb6b2de066817e9
                      • Instruction Fuzzy Hash: 8B21F8725053469FDB11EF5AC858B5BBBDCEFA1244F08045BBD84C7271D730D905C6A2
                      Function 01472835 Relevance: .1, Instructions: 73COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 74ade0dd970b17d04dd6755a41138a18a384867f1438984f82d554dc1243b1e1
                      • Instruction ID: 07a1b0f1379b99f0a2525136f8c9822146f438f9f04dd65e8d95a08cdf6b5141
                      • Opcode Fuzzy Hash: 74ade0dd970b17d04dd6755a41138a18a384867f1438984f82d554dc1243b1e1
                      • Instruction Fuzzy Hash: 86213A316056C29BF322976D8C54F953B89AB11764F290367FA209B7F2D7B8C8038111
                      Function 0148A30B Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f4c26e6dcf5f9f7131261ee33388467588806919bfccb4f3bb538ab6201c2e3
                      • Instruction ID: 9cbe37372c66b624276a42edca3c1a7fa03a6064bfd584306ccea81ef48d2a05
                      • Opcode Fuzzy Hash: 6f4c26e6dcf5f9f7131261ee33388467588806919bfccb4f3bb538ab6201c2e3
                      • Instruction Fuzzy Hash: 8A21AC792006419FC725DF29CC00B4677F5BF68B08F24846EA509CB761E371E843CB94
                      Function 0150A49A Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 276b7185eb9a690938a2314cf52fe8d02ceafd354a5f6fd2c06b138715d423c6
                      • Instruction ID: ef1508bed3453db9c895859ee060191bda1e8bd5cf5f45f9331c7037dfa203cd
                      • Opcode Fuzzy Hash: 276b7185eb9a690938a2314cf52fe8d02ceafd354a5f6fd2c06b138715d423c6
                      • Instruction Fuzzy Hash: 3E110433240B12BBEB335A95AC01F6B7699BBE4B60F510428BB088F1D0DBB1DC018695
                      Function 014D0946 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 27701dc1aa8ef0c70544832181d871344bfece8176c9180659d7daa723db088d
                      • Instruction ID: 111457f317e5ef781d9c91ce211958bee3c42f109108e843f028460011e43fc1
                      • Opcode Fuzzy Hash: 27701dc1aa8ef0c70544832181d871344bfece8176c9180659d7daa723db088d
                      • Instruction Fuzzy Hash: E4212AB1E00209ABDB20CFAAD8809AEFBF8FFA8704F10016FE405A7354D7709945CB50
                      Function 014E80A8 Relevance: .1, Instructions: 69COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                      • Instruction ID: bfceeebe76fd3951b4435a111993f1e415f3836f9ada86816f55f3a50c70201e
                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                      • Instruction Fuzzy Hash: 73218E72A0020AEFDF129F99CC44BAEBBF9EF58321F21445AF944A7261D734D951CB50
                      Function 01480124 Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                      • Instruction ID: 89e1fd4b70a6713758a8fc26012d215b67ed8b049d05e49b250ccb69ae2eef0f
                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                      • Instruction Fuzzy Hash: 7311E673600605AFD712AF45CC81F9F7BB8EB90764F10402AF6008B1A0D672ED44C750
                      Function 01458770 Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f641416f0a432245f5158ec0da2cdae5b34fe683ac109b34a773b8c600d8f84
                      • Instruction ID: 18270d8455dc93da6161520ab5e881c8c55944ebefc5e4c369b01f2348c063fb
                      • Opcode Fuzzy Hash: 3f641416f0a432245f5158ec0da2cdae5b34fe683ac109b34a773b8c600d8f84
                      • Instruction Fuzzy Hash: 2A11B675700612DBDB51CF5FC880A27BBE5EF56750B14406EED08DF316DAB1D9018790
                      Function 0148AAEE Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                      • Instruction ID: a83eca7c95fd5263f87c6a81f339302e5cdffad1e279c726bf218ac851798b2f
                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                      • Instruction Fuzzy Hash: 62215E72640641DFD735AF4AC540A6AFBE6EB94B50F25887FE64997720D7B0EC01CB40
                      Function 014580E9 Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c69ad9a4082653b632028ea97eec0f8198ca87a6073ff53768c9076366f38c6
                      • Instruction ID: a7e4173d8a98f7110abf0156b40f090c1988528f73d32287bbc0f05b7a520038
                      • Opcode Fuzzy Hash: 2c69ad9a4082653b632028ea97eec0f8198ca87a6073ff53768c9076366f38c6
                      • Instruction Fuzzy Hash: 77216D75A0020ADFCB14CF99C581AAEBBF5FB89318F24416ED505AB325CB71AD06CBD0
                      Function 0148674D Relevance: .1, Instructions: 65COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f8776f5afdf4c2751d268641ec951e097aecdf1d5358fb7a7dff81278c1d9019
                      • Instruction ID: 44ec7523ec541eb3a1f0b08779c1dcd2a018d8652f19d0dfbe4f95939734f7e7
                      • Opcode Fuzzy Hash: f8776f5afdf4c2751d268641ec951e097aecdf1d5358fb7a7dff81278c1d9019
                      • Instruction Fuzzy Hash: 3C219075610A01EFD760AF69C840F6AB7F8FF84350F05882EE59EC7260DA30A840CBA0
                      Function 014E6870 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 58b9081f2012d94a3ba7abf37ea425001136ae991cb4b09e5236d7b44bca054e
                      • Instruction ID: 746c9e05da08558333ea1b6cdd3f564c8e0db486affa999897bf2fb9e4882d0b
                      • Opcode Fuzzy Hash: 58b9081f2012d94a3ba7abf37ea425001136ae991cb4b09e5236d7b44bca054e
                      • Instruction Fuzzy Hash: F1119132240515EBC722DB5ECD44F9A77E8EFA5765F12402AF215DB271DA70ED01C7A0
                      Function 0147E8C0 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f1e87caab4834bbf91fa5fdcdc634a89b56a658e691227c07d1f09a0999b609b
                      • Instruction ID: bce9bae5ab9d8f940b672eec52f62fea8de0930598b843fb8c71af28fa6b577b
                      • Opcode Fuzzy Hash: f1e87caab4834bbf91fa5fdcdc634a89b56a658e691227c07d1f09a0999b609b
                      • Instruction Fuzzy Hash: 2E112F733001155FCB19DB29CC85BAB726AEFD5374B25493ED527DB3A0D9309802C390
                      Function 014866B0 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f42e41a62814e56dcba4497aeea0df75a944f5ca9ae3141132149ae9efbed84
                      • Instruction ID: 071cb37c142bd9a2f90604e93d10469c56f6fb5a4de67c6d767055b8121bacb2
                      • Opcode Fuzzy Hash: 3f42e41a62814e56dcba4497aeea0df75a944f5ca9ae3141132149ae9efbed84
                      • Instruction Fuzzy Hash: D311BC76A01245EBCB65FF9DC580E5ABBE8AB94614B02407FE9099B324EA70DD00CBD0
                      Function 0151A8E4 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                      • Instruction ID: 221f40aed69d83cbb42de16b8c3cb23882e276509e96717b6dabc29214e16d7f
                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                      • Instruction Fuzzy Hash: CA110836600506AFEB1ACB54C811B9EB7F6FFD4210F058269E8459B344D771AD41CB80
                      Function 01450AD0 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                      • Instruction ID: 9398ecc39e263e23b32e315ce7389e14072d305a865c1b99859ebcf1edd52c17
                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                      • Instruction Fuzzy Hash: 262106B5A00B059FD3A0CF29C481B56BBF4FB48B20F10492EE98AC7B50E371E814CB90
                      Function 014DE7E1 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                      • Instruction ID: 6d785df6527075b36bf3b5080ec2de197f2912c651b92df6e8fb5038a8f0c698
                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                      • Instruction Fuzzy Hash: B4119E32600601EFEF219F49C856B5BBBA5EB65758F05842EFA09AF270DB31DC40DB90
                      Function 014727ED Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e3010e2e2120c2e7f559376137a8d1e101c969ed416e7048b923838f99ba4227
                      • Instruction ID: dd8d83fb992744da2531e4d944a19aaceefc5c43c02872f75bae8b7244e9d595
                      • Opcode Fuzzy Hash: e3010e2e2120c2e7f559376137a8d1e101c969ed416e7048b923838f99ba4227
                      • Instruction Fuzzy Hash: 68010431205685ABE326A66ED894FA76ADDEF50294F16006BF9048B371D975DC02C271
                      Function 01454690 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a90b922ed07af5d84cddf61f3fb4d703112fefc85d8294d4a896bf47f74b203d
                      • Instruction ID: 5621ba6507cd1bb375c52af847f52ecbe0f15f0538f1130c115b1fafd3f4add6
                      • Opcode Fuzzy Hash: a90b922ed07af5d84cddf61f3fb4d703112fefc85d8294d4a896bf47f74b203d
                      • Instruction Fuzzy Hash: 4111E036200645AFDB21CF9AC840B167BA8EB96B64F08411BFD088F762D334E880CF60
                      Function 01524B00 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1abb877096250e3b180eaca228283ff66d52a0b1486f2d09efc5b4b6ee260fe8
                      • Instruction ID: 70120041a144845e4de54926e10e8b029ffe4dff568d28482f98640470f69c73
                      • Opcode Fuzzy Hash: 1abb877096250e3b180eaca228283ff66d52a0b1486f2d09efc5b4b6ee260fe8
                      • Instruction Fuzzy Hash: 1511E9372006219FDB21DA69D840F5BB7E5FFC6711F154419E696CB6D0DA30E802CB90
                      Function 01486620 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc2f365094e2907920c593c887eaeeb6c6d370c83c75cca37ded3234a2514a14
                      • Instruction ID: 2d7e60f9862873c8ca4e18a1dc372c277136ead704d627c81e8ff3cdc3a7ad49
                      • Opcode Fuzzy Hash: bc2f365094e2907920c593c887eaeeb6c6d370c83c75cca37ded3234a2514a14
                      • Instruction Fuzzy Hash: C111C672900655ABDB61EF59C980B5EFBB9FF54744F51045ADA08B7311D730AD018B50
                      Function 0147EA2E Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ad7538eebe2d514fc1a52068ed3daad8ca2d41c12472f6ad23d8b7e9cdf9c86
                      • Instruction ID: 3151b9c4cc602b8b062d229f8471caf746d389d96a6a041f381130737641a425
                      • Opcode Fuzzy Hash: 6ad7538eebe2d514fc1a52068ed3daad8ca2d41c12472f6ad23d8b7e9cdf9c86
                      • Instruction Fuzzy Hash: 300100715101069FC325DB19D404F56BBE9FBA171CF2182ABE0049B231D7709C46CB90
                      Function 0147E53E Relevance: .1, Instructions: 55COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                      • Instruction ID: b504d6b764c2160b38e258a8ece703ff0840245b39a7302aa15bad7b497d0f53
                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                      • Instruction Fuzzy Hash: 6511E5712016C69BE7239B6CCD94BA63BD8AB11788F1900E3DE4997772F338D847C261
                      Function 014DE75D Relevance: .1, Instructions: 54COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                      • Instruction ID: 9a128e4b14f1278997ee32f6e796b3ae1f057092ba3bb2a952c7bb027f986471
                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                      • Instruction Fuzzy Hash: 6F01D232600505EFEF619F5ACC10F5B7AA9EB90750F06802BEA05AF270E771DD40C790
                      Function 0144A250 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                      • Instruction ID: 4143ec752864af366879200492e4ebf694654c2d3b95d9c3b591cefa84307b16
                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                      • Instruction Fuzzy Hash: 66012631544722ABDB318F19D840A337BA8FF55760710852EFC968B3A1C331D401DB60
                      Function 01524940 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b3cd86e4a528615ae341773b16e1e4e113cf3d405cdf9605e46a5a4f5142c928
                      • Instruction ID: c06137d92927dbd4fa4cb29aed2abe196763d078d54d82dc5a67ed55db87069d
                      • Opcode Fuzzy Hash: b3cd86e4a528615ae341773b16e1e4e113cf3d405cdf9605e46a5a4f5142c928
                      • Instruction Fuzzy Hash: C00100736412219BC332DF1C8800E16B7A8FB92774B25422AE9A99F1E6D730D801CB80
                      Function 014CE1D0 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0602ca537251e9791ed0611f30cc87584a92db738e126525f3913119cac583bf
                      • Instruction ID: 192f698e9a2f042177d16cb48c1cbfe4039998ab370c2ffa962ea32d0493c4fc
                      • Opcode Fuzzy Hash: 0602ca537251e9791ed0611f30cc87584a92db738e126525f3913119cac583bf
                      • Instruction Fuzzy Hash: A411A136241241EFDB55EF1ACD90F56BBB9FF64B44F10006AF9059B661C335ED01CA90
                      Function 01456259 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2dfde79e1ac0f915034d308016c109ebfb70230bdf87604acfc9459f8b97fa0f
                      • Instruction ID: 4ee13f3bb19d4c9e30af6c3809aef31669ff2f6ba35308405b9e3081f1d6cb97
                      • Opcode Fuzzy Hash: 2dfde79e1ac0f915034d308016c109ebfb70230bdf87604acfc9459f8b97fa0f
                      • Instruction Fuzzy Hash: E3119E70502228ABDF65AF25CC41FE976B4AB14710F50419AB718A61F0DA709E81CF84
                      Function 014D6050 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa0580f6cda78f9665bc7e0ed5cab8b5f09a40bb5d5b3e9edf58eb1de1e72aeb
                      • Instruction ID: c911dd713086ecaa7266f0d51422c93c0f307d832c395960571443de800400a9
                      • Opcode Fuzzy Hash: fa0580f6cda78f9665bc7e0ed5cab8b5f09a40bb5d5b3e9edf58eb1de1e72aeb
                      • Instruction Fuzzy Hash: 87111B72900019ABCF12DB95CC80DDF7B7CEF58258F054166A906E7211EA34AA55CBE0
                      Function 0145208A Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                      • Instruction ID: f7dc256c56a08b237e190c0220188c6a44d1ff330c1b28894926b7bad3fc220f
                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                      • Instruction Fuzzy Hash: CA014572202100DBEF519E19C880E977766BFD4A00F4640ABEE008F367DAB1C882C390
                      Function 014E6500 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9b33f824918bf080f6a17b80e83e4a7998129c843bc1c9342456ddcb6bda95b7
                      • Instruction ID: 674848cd8b69f50db074f8c3217763a9193d066a9d0cb003a3b3306b6c4fbce6
                      • Opcode Fuzzy Hash: 9b33f824918bf080f6a17b80e83e4a7998129c843bc1c9342456ddcb6bda95b7
                      • Instruction Fuzzy Hash: 2311A5366441459FD711CF59D800BA6BBF9FF66314F09815AE8498F325D732EC45CBA0
                      Function 014DC810 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be80843e1109a0bf10de4207f879a19e797dadaca1774ec711e1fbed149edc80
                      • Instruction ID: 17f74d260ba754200efd442a81096c190b34361d2e3d52509c1a8143997ff543
                      • Opcode Fuzzy Hash: be80843e1109a0bf10de4207f879a19e797dadaca1774ec711e1fbed149edc80
                      • Instruction Fuzzy Hash: A611ECB1A002499FCF04DFAAD591A9EBBF8FF58350F14406AB905E7351D674EE01CBA4
                      Function 014FEA60 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab446996e472d7908abfe16036115a232c25277403202ed1bcd8839202b6def9
                      • Instruction ID: 22f4ff9e3fd986014aeacd53d78fa3e1d796baefa250187ff3e1747298858202
                      • Opcode Fuzzy Hash: ab446996e472d7908abfe16036115a232c25277403202ed1bcd8839202b6def9
                      • Instruction Fuzzy Hash: FA01B531940111ABC732AA2A8540D3BBBA9FF61656B06442FE3556B331C770DC46CB92
                      Function 0144C020 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                      • Instruction ID: 246f83a0f7dca6be57cd678f6f602de5bed6efee9c7fe3d7e962f0d6ab48eabc
                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                      • Instruction Fuzzy Hash: 5E012D325007059FFB22D6AAC440EA777E9FFE6210F45441FE5968BA60DE70E402C750
                      Function 014920F0 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bdb94d65c678ac8d55607478fc42b842138eb83b6a36b797d4ba71f6f080160
                      • Instruction ID: 5f361cb865a75a15a87159cb61ecd17597c848b44710fc717c0611cc746ba743
                      • Opcode Fuzzy Hash: 5bdb94d65c678ac8d55607478fc42b842138eb83b6a36b797d4ba71f6f080160
                      • Instruction Fuzzy Hash: 7911AD75A0020DAFCF01DFA5C851EAE7BB5EB94784F00405EE9019B260EA30AE12CB90
                      Function 0148E5CF Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca649f7119f53f675f554826c18154016a3943e7dba031f2c14d182e59a49f99
                      • Instruction ID: b4fabc92be977c4a8efd67bbb1ed99127ba425c60fa10a91c6d74fb29a88570b
                      • Opcode Fuzzy Hash: ca649f7119f53f675f554826c18154016a3943e7dba031f2c14d182e59a49f99
                      • Instruction Fuzzy Hash: A501D4B2200642BFD211AB6ACD40E57B7ACFB65768700052FB10993670DB74EC11C6A0
                      Function 014E69C0 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8da496e74f94bf6ed0ffd600872f985ee1bcb5ceaf9c33e44a767b94b342edd4
                      • Instruction ID: 1fdf238e1856bbb91dd198c8076f6441664a48d9dd18d9e0e23d87c84cdb88aa
                      • Opcode Fuzzy Hash: 8da496e74f94bf6ed0ffd600872f985ee1bcb5ceaf9c33e44a767b94b342edd4
                      • Instruction Fuzzy Hash: A80140327142019BC330DF7AD44C967BBE8FF65664F12461FE95887290D7309902C7D1
                      Function 014DC460 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a162012972f7225f6b884db341298c126db9c9984460732a9fca8716b8842b74
                      • Instruction ID: b558345e3bd9cff07df527ab409e811eaa559da084973850561e4cff1924553f
                      • Opcode Fuzzy Hash: a162012972f7225f6b884db341298c126db9c9984460732a9fca8716b8842b74
                      • Instruction Fuzzy Hash: BE115B75A0024DABDF15EFA9C890EAE7BB6EB58344F00406EF90197360DA34E912CB90
                      Function 014DC97C Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7e0eb5bacbe909cdd5549f6bbed9c8d8e9005c849f5e7c81ec175fb30c5d3742
                      • Instruction ID: a569ef39ddbf261a7a9230f7613db92a1a26b725cffd7a5dd1a7e054503d9f30
                      • Opcode Fuzzy Hash: 7e0eb5bacbe909cdd5549f6bbed9c8d8e9005c849f5e7c81ec175fb30c5d3742
                      • Instruction Fuzzy Hash: 15117CB16053449FC700DF6AC44195BBBE8EFA8310F00455FB998D7360D630E901CB92
                      Function 014DCA11 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c9f9c94b0951ad5fd6215a9c9a8a9a017f5335f3d47d34e213651fd48c67e7c
                      • Instruction ID: 0fe4b4f29af5ca557e92fe032f93440321b4a8bf3e91362a215e0675ac5adcb1
                      • Opcode Fuzzy Hash: 7c9f9c94b0951ad5fd6215a9c9a8a9a017f5335f3d47d34e213651fd48c67e7c
                      • Instruction Fuzzy Hash: 721127B16183499FC710DF6AD441A5BBBE8AFA9750F00851FB958D73A4E630E901CB92
                      Function 01524A80 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                      • Instruction ID: fbcee6717b9750431c7c9f202ca17a8783a71c996119d6a051d59b9500a13fd4
                      • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                      • Instruction Fuzzy Hash: D201B1332006129FE7259A69D844E9ABBEAFBD6210F054819E6428F690DBF5F841C794
                      Function 0146E016 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                      • Instruction ID: d1507fe34866c33c28477a863974727dd92e026f821b8537e6116606722965f0
                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                      • Instruction Fuzzy Hash: F8015E71204690DFE322C61DC958F277BECEB68758F4904A6E905DB6B2D638DC41C662
                      Function 0144826B Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb5aae37041bb5328941392dc7c49c77abf1b919bdba0caf7923db5b2dcaf69f
                      • Instruction ID: c4cd7666035e2180299e70adcd63c4f2747e453af7d90e0db7d4f0b88ac935de
                      • Opcode Fuzzy Hash: cb5aae37041bb5328941392dc7c49c77abf1b919bdba0caf7923db5b2dcaf69f
                      • Instruction Fuzzy Hash: FD01A231700516DFEB14EBAAD8149AF7BA9FFA0624B16402BD901AB770DE30DD06C790
                      Function 014FEB50 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 5073e30aee7adcb4fc84e6b4806f107842086d79289ec14afed8794115061a0f
                      • Instruction ID: 93f587d0f5787a04d7777214c6756d1f52c1717bd94dce1b1a1ef37955e0bb2f
                      • Opcode Fuzzy Hash: 5073e30aee7adcb4fc84e6b4806f107842086d79289ec14afed8794115061a0f
                      • Instruction Fuzzy Hash: 5301DF71280615AFD331AB1AD800F02BBA8AF65B54F12082FA356AF3B0C6B098418B95
                      Function 01452582 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fc889d7393b996c6922f751aa91631fbe4558bcc596c832092878f22f2378371
                      • Instruction ID: e62d278eaba0d88b3aa0cb85e726e64321dcfdd9f497a4ab47c2726e92b2b9fb
                      • Opcode Fuzzy Hash: fc889d7393b996c6922f751aa91631fbe4558bcc596c832092878f22f2378371
                      • Instruction Fuzzy Hash: B1F0F932641614B7C7329F57CC40F477AADEB94B94F01402ABA0597661C670ED01C6A0
                      Function 0147C073 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                      • Instruction ID: 7f9fa04ee5e08d63b7968e7b7e95956cc2d6973578ccc6ada9c1da1ee1bce769
                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                      • Instruction Fuzzy Hash: ECF0AFF2600A11ABD335CF8EDC40EA7FBEADBD1A90F048129A515CB320EA31DD04CB90
                      Function 0152634F Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7947b06a3acd6032005e1bc68a4c33e2bd00dc8c5ba892a6774e8e63bc8c1f81
                      • Instruction ID: a7dfd0fef0fecdd55832638691df0ea0ddd1fc997e1b7d9d2cdab7f8158be93e
                      • Opcode Fuzzy Hash: 7947b06a3acd6032005e1bc68a4c33e2bd00dc8c5ba892a6774e8e63bc8c1f81
                      • Instruction Fuzzy Hash: 23018471A10249EFDB00DFAAD55099EBBF8FF68304F10401AF904EB390D634DE018BA0
                      Function 0144C310 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                      • Instruction ID: fcde15a2cc064e43487ff100ffd7716ad377767e07f6c8904ff15a8b6a814fc1
                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                      • Instruction Fuzzy Hash: 16F0FC732476239BF7321B9A48C0B2BA5958FE1A64F1E003BF2099B364CA748D0296D5
                      Function 0152625D Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8aeb2316c378adefaa4dd91fa25f9359947546b9604b0696ccb349528f6c8c19
                      • Instruction ID: b1a6f9caa5c621f74105d3cdbb09793d5a4843b26909a8e224cdb1bc8f19ea4a
                      • Opcode Fuzzy Hash: 8aeb2316c378adefaa4dd91fa25f9359947546b9604b0696ccb349528f6c8c19
                      • Instruction Fuzzy Hash: 39017171A00259AFCB04DFA9D451AAEB7F8FF69304F10401AF904EB390D67499018BA0
                      Function 015262D6 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 823b3dff02243d207bd21fdaee98142254a821431f2b87b5d3c99026fce31cc1
                      • Instruction ID: fdbb8f3887617c40ac528a4bd360bf8046b78db78b85305a31d48a18cc1f8ba9
                      • Opcode Fuzzy Hash: 823b3dff02243d207bd21fdaee98142254a821431f2b87b5d3c99026fce31cc1
                      • Instruction Fuzzy Hash: 60018471A00209EFDB00DFA9D44199EBBF8FF68304F50401AF914EB390D674DD018BA0
                      Function 0148CA6F Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                      • Instruction ID: 03a359ebd63d4689fa25023cdb941d69e380999f6a6110ab93887fc967d28a6a
                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                      • Instruction Fuzzy Hash: EC01F9352006869BE323D75DC845F9AFB9CEF51B54F08407BFA148B7B1E675C801C225
                      Function 015261E5 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 55ca86c74c6277388958f62ef180bf91ef89124c1508131b47172eda666b7c09
                      • Instruction ID: 35a22918ab7444a7102bc47b3586f58d82be3cbaeb9dc06de98a3ecd1461454f
                      • Opcode Fuzzy Hash: 55ca86c74c6277388958f62ef180bf91ef89124c1508131b47172eda666b7c09
                      • Instruction Fuzzy Hash: 57018F71A002599FDF04DFAAD841AEEBBF8BF59314F14405AE901AB290D734EA02CB94
                      Function 014D63C0 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                      • Instruction ID: f982ac43d6121522cad45a4dc0af845a5e766a6bf1ac06cabd54c38502df5d41
                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                      • Instruction Fuzzy Hash: A0F0127210001DBFEF019F95DD80DEF7B7EEB55298B114129FA1192170D635DD21ABA0
                      Function 014DA4B0 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5818ee5c2208972cac9ade2e285dc7067f2ba1265a1040c47ce61d3a65481b4
                      • Instruction ID: 6aec637c885b2348490709ee2c9756e26396c4ca8340c14cbea76ea484ad619b
                      • Opcode Fuzzy Hash: b5818ee5c2208972cac9ade2e285dc7067f2ba1265a1040c47ce61d3a65481b4
                      • Instruction Fuzzy Hash: 82019736110209ABCF129F84DC50EDE3F66FB4C768F068116FE286A220C336D971EB81
                      Function 0144C0F0 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f351cc6e04ae95725641cf65d9dc0bcf5d676e9b603d02e741a2b183bb3489e3
                      • Instruction ID: 16614b6c9ec7c94b1130afff4c98b117bb6890b266b727f3e7d3ea1d4df20735
                      • Opcode Fuzzy Hash: f351cc6e04ae95725641cf65d9dc0bcf5d676e9b603d02e741a2b183bb3489e3
                      • Instruction Fuzzy Hash: 09F024722052519BF31096199C81F237696EBE4652F6D802BEB058B7F2EE70DC818B94
                      Function 0148656A Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 37571d9f46109224625c854399f5166e1f6ccf1782ff7b128bedac89305d83c0
                      • Instruction ID: bf535cd2e844065d1fdb34736342b83ea3013745e8605520bb834a9cc25b5cd2
                      • Opcode Fuzzy Hash: 37571d9f46109224625c854399f5166e1f6ccf1782ff7b128bedac89305d83c0
                      • Instruction Fuzzy Hash: 0601A9743016C19BF763EB6CDD68F2B3798BB50B44F49055ABA458B7F6D778D4028220
                      Function 014F437C Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                      • Instruction ID: 536adb5335d234f73d9cc2d53f82f6717f58ab4ebf31c8faac051027ea99d778
                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                      • Instruction Fuzzy Hash: CDF0B43534191347EB36AA2E8420B2BA695EFA0950B0D052E9701CB7A0EF30D8118781
                      Function 014DE872 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                      • Instruction ID: 923b636f23f5dbb2fcddcbbd25cdf99f8be790b7a419ece11bae1eb0d91b581a
                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                      • Instruction Fuzzy Hash: 90F05E337116529BEB219E4EDC91F17B7A8AFD5A60F19006AB608AF374C770EC0287D0
                      Function 014DC89D Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 54e957a5687b351e6d726df433debc458e2ec17b864343590733a80a745d1177
                      • Instruction ID: feb6c0015ef1072ea15b47060fda783e035d1306e09a90d0ffa1f04b29fa7598
                      • Opcode Fuzzy Hash: 54e957a5687b351e6d726df433debc458e2ec17b864343590733a80a745d1177
                      • Instruction Fuzzy Hash: 6EF08C706053449FC710EF69C952A1ABBE8EFA8714F40465EB898DB3A4E634E901C796
                      Function 01480854 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                      • Instruction ID: 518051322806b4f58cc6c003905d6e91636a1e074519ea12b07fb2e61847fadb
                      • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                      • Instruction Fuzzy Hash: 7BF02472620200AFE714EF22CC00F4AB6E9EFA8340F148079A544C7270FAB0ED81C655
                      Function 014DC912 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 96af1d376a01e9f0c0bd3e96ccab584a2c933a396456cd6ea1d9b29055af1f55
                      • Instruction ID: 6ab82cce263f5eaa82db2d4758350427b3e9def67c6200c1ae2ea2cd9f617b28
                      • Opcode Fuzzy Hash: 96af1d376a01e9f0c0bd3e96ccab584a2c933a396456cd6ea1d9b29055af1f55
                      • Instruction Fuzzy Hash: 13F0C270A00249DFCF04EFAAC565A5EBBB4FF28304F00805AB915EB395DA34EA01CB50
                      Function 014547FB Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3a0638faf4fd94b016fe0a3ad254904e9379c1e301610a0afb0b028a4f1b5166
                      • Instruction ID: a992b7cfcb49ab1987d01fba7e0ae69535261dd8dd894a6c49b46cff1489b111
                      • Opcode Fuzzy Hash: 3a0638faf4fd94b016fe0a3ad254904e9379c1e301610a0afb0b028a4f1b5166
                      • Instruction Fuzzy Hash: 5BF0F0399022E19FE7A28B1CC804B627BC49B00B24F0C986BCD698F633E734D8C0C601
                      Function 01510115 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 93dc09c95fde22a1b5d0440c029cd152da7be939cc3e12eed8a72f2699395672
                      • Instruction ID: f6386061c23d311903e6f7ec3e76f74680e32c515ea240d7e759addb998a404b
                      • Opcode Fuzzy Hash: 93dc09c95fde22a1b5d0440c029cd152da7be939cc3e12eed8a72f2699395672
                      • Instruction Fuzzy Hash: F7F0273E4596C217EB337B2C6C513E97B64B782018F0A1449D4B15F28DC6B888C7D320
                      Function 0148C5ED Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 90e190ad2966abee099b2273c730e77e02b16359c9b6aee45b2dde59f3a9e4dd
                      • Instruction ID: 3a3bc291b01cdfa2a4883864b7291c7685406911bcb08e2eacd027c37911b6d1
                      • Opcode Fuzzy Hash: 90e190ad2966abee099b2273c730e77e02b16359c9b6aee45b2dde59f3a9e4dd
                      • Instruction Fuzzy Hash: 45F0E9715115519FE322B72CC1C4B9AB7D49B4576CF089437D40D97672C770E882C6B1
                      Function 01492619 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                      • Instruction ID: e0cc6859ea8a04034fad3aa4e3ddae64a4674735949b1bedfeb69ff5e8e6dbe9
                      • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                      • Instruction Fuzzy Hash: 06E092723006012BEB119E5ACC80F477B6E9FE2B14F04007EB5045E261C9F29D1982A4
                      Function 014E6030 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                      • Instruction ID: 9523ff293c121ee5339f6e0fc3fd844e34eac959b19585cc8a57039a70fc3b47
                      • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                      • Instruction Fuzzy Hash: AFF030B21042149FE321DF09D948F52BBF8EB25365F46C02AE6099B671D37AEC40CBA4
                      Function 01450710 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                      • Instruction ID: 7507c5ff4472f2d74d06405021799cdbbc36fba7d1aca90405e1818e81e45140
                      • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                      • Instruction Fuzzy Hash: 53F0E53A2047419FEB56CF19D050AD57BA8FB61350F010066FD468B362D731E982CB50
                      Function 014849D0 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                      • Instruction ID: b441a0de316a0c762ef6a4673535821cdeb717b7af3f3b1e5dd4b3020d9f4f2c
                      • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                      • Instruction Fuzzy Hash: 01E09232244146EBD7213A5A8800B6EB6A99BE07A0F19442BE2408F260DB70DC41C798
                      Function 01524164 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6222cac0d964bd9a133f8dc0511a03ab21a1f0ffc9fa4e3906301106b875aa64
                      • Instruction ID: e0230014d6fce785678a1aa5de061ce0c0cd452a7b38c789e63f3e347663a158
                      • Opcode Fuzzy Hash: 6222cac0d964bd9a133f8dc0511a03ab21a1f0ffc9fa4e3906301106b875aa64
                      • Instruction Fuzzy Hash: B1F0A032A256B14FE762D728D180B5D77E4BB52A30F2A0565D4008B992C720DC80C650
                      Function 014F678E Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                      • Instruction ID: 93ca467024e698989ceb9192df3f3ec67dae26fe3f94c8e5c81578138765b749
                      • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                      • Instruction Fuzzy Hash: 5CE04872640114BBDB21975A8D05F9B7EECDB64EA4F15405AB701D71A0D570DE00D690
                      Function 015208C0 Relevance: .0, Instructions: 25COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                      • Instruction ID: e740ea592a150eac15105254d32e2c3a880d8cd16fa7198f5cb53fd162fe1acb
                      • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                      • Instruction Fuzzy Hash: E2E09B336417608BCB258A1DC144A57B7E8FFD6660F658069E9054B693C271F842C6D0
                      Function 014525E0 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 123f47a23a059a648d3e9621714e86e240ef0866d43e9badf4a8df4afc5e0c63
                      • Instruction ID: c379e42d5bd2e541a51a03baf4f48e58a15abc420b87aaf19683d7279e90295a
                      • Opcode Fuzzy Hash: 123f47a23a059a648d3e9621714e86e240ef0866d43e9badf4a8df4afc5e0c63
                      • Instruction Fuzzy Hash: CDE09232100694ABC722BF2ADD01F8A7BAAEB70364F01451AF5195B1A5CA70A950C798
                      Function 0150A456 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                      • Instruction ID: 87e92159b295332990f563a97a5c7acc8118e0159003effe401c3c4ef1bbc550
                      • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                      • Instruction Fuzzy Hash: B8E06D31011651DBEB326F2BD948B9A7AE0BFA0711F15882EA09A164F0C7B498C0CA40
                      Function 014D4000 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                      • Instruction ID: 57efee2409ae9e0e29cf48225c476476c3c99648f4a187b5005dce3ec4658999
                      • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                      • Instruction Fuzzy Hash: ADE052753003459FEB16CF19C094B677BB6BFD5A50F28C069A9488F705EB36E842CB51
                      Function 0148CA38 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d0d298554c81b1aba0687742791aa5cbb1435ac5679d86487d516cfc1da0f26d
                      • Instruction ID: d965818cbb2cf0219164d660e82e53eea3705e97e87be1cdea5b430fda511c9c
                      • Opcode Fuzzy Hash: d0d298554c81b1aba0687742791aa5cbb1435ac5679d86487d516cfc1da0f26d
                      • Instruction Fuzzy Hash: A2D02B324850206ACB35F359BC44FEB7A5D9B64260F024863F108D6030D534CC81D2E4
                      Function 0144823B Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                      • Instruction ID: 73dde10ca62f7030d71290abc722a36ff8baaccab1be32bbdba409588269cf0c
                      • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                      • Instruction Fuzzy Hash: 6DE08C32401A12EFEB322F56DC00F527AA5FB64B20F11482FE085160B886B0A882DA44
                      Function 01452050 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 22401f4c4bb89418689c7b7b8415c63178144dd775524589bf67926736f4a64c
                      • Instruction ID: 1979f8d0c7bf7be866e736d8b445d4ff95c8bca3854725cce6622f025a524b8f
                      • Opcode Fuzzy Hash: 22401f4c4bb89418689c7b7b8415c63178144dd775524589bf67926736f4a64c
                      • Instruction Fuzzy Hash: 33E0C233100590ABC312FF6EDD11F4A73AEEFB5364F05012AF5558B2A4CA70AC40C7A8
                      Function 0148E59C Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                      • Instruction ID: f35ae1816c39559c20a38eefdeffafa1ee0ae47ae677789aec811559a818a532
                      • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                      • Instruction Fuzzy Hash: 33D0A933204660ABD772AA1DFC00FC333E9BB98B24F06085EB008C7160C370AC81CA84
                      Function 014CE908 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                      • Instruction ID: ee059a8aedd4b3a56de0b018043adec29f4eed7795788b4e4cff7ab4c11e30c4
                      • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                      • Instruction Fuzzy Hash: D3E0EC369506849BDF52DF5AC640F9EBBB9BB94B40F150059A5086B671C734A900CB40
                      Function 0144A0E3 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                      • Instruction ID: 9028e34130892c1de5d5d1e6b10414d095e20149f4a638e97a3e43b2e02b25fc
                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                      • Instruction Fuzzy Hash: DCD0223321707093EB285E566800F636909AB80A94F2A002E740B93920C0248C43C2E0
                      Function 0148A830 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                      • Instruction ID: 3d2180e40c8d2f6a30a9c6872023e0343e5b2a506423b81b414b5c639f405ef7
                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                      • Instruction Fuzzy Hash: 3BD012371D054DBBCB119F66DC01F957BA9E764BA0F444021B508875A0C63AE950D584
                      Function 0148CA24 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ad5af6080ac4306c8e43509dc9b0f2b03a1769430701875c15adfea141fe3ee3
                      • Instruction ID: e47073b0f74b7f4fc92b1218f0bc31399f77ecdde562abe164a2c37578144eeb
                      • Opcode Fuzzy Hash: ad5af6080ac4306c8e43509dc9b0f2b03a1769430701875c15adfea141fe3ee3
                      • Instruction Fuzzy Hash: F8D05E385011128BDF16DF19C550A6EB674EB10A44B40007EF60151130E335D8019654
                      Function 014602A0 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                      • Instruction ID: 2ab5c1ce8a2a4bb6345c8fd27debff526ea28d384f89013c683112e9aa831d35
                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                      • Instruction Fuzzy Hash: F6D09235212A80CFD61A8B0CC5A4B1633A8BB44A48F850491E442CBB22D638D940CA01
                      Function 0148C700 Relevance: .0, Instructions: 12COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                      • Instruction ID: 21e5ee4d10fa94334433b499372901e05466ae94d3a8df4bdd6f0d4675f4696d
                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                      • Instruction Fuzzy Hash: FFC01233150644AFC7119E95CD01F0177A9E7A8B40F000021F20447570C531E810D644
                      Function 01470310 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                      • Instruction ID: cbad0c7a51c9c87812c596627375daf85e0e65c5926a8ab927dd21cdbbaceb1b
                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                      • Instruction Fuzzy Hash: BBD01236100248EFCB01DF41C890D9AB72AFBD8710F108019FD19077108A31ED62DA50
                      Function 01450750 Relevance: .0, Instructions: 9COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                      • Instruction ID: 6e17ee78c0de00db3cceb564b2cf76925a68dbdeded8e24b27b0a23496f67a37
                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                      • Instruction Fuzzy Hash: 74C04C757015418FDF15DF1AD294F4577E4F764744F150891E905DB732E634E801CA11
                      Function 01494340 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ab0b8f52ac8b646c86316c6ada5054b60ab3e980207a23c1994799a28d32d2d
                      • Instruction ID: b0c27b1c1e98faf89a13d7b97169828ee0c61f9177759ceab9fe0ebf13327311
                      • Opcode Fuzzy Hash: 7ab0b8f52ac8b646c86316c6ada5054b60ab3e980207a23c1994799a28d32d2d
                      • Instruction Fuzzy Hash: 61900271B05801129140719848945464005E7F0302B96C012E0424555CCB248A565361
                      Function 01494650 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d1b0802eb5ddc97043b6ac9bf69d7781d57cedfa647aae43cd4133eea9f60496
                      • Instruction ID: 9c4b794f3fbef463bc2b3921eda85ebb585167511a6affdc0434a059630a302a
                      • Opcode Fuzzy Hash: d1b0802eb5ddc97043b6ac9bf69d7781d57cedfa647aae43cd4133eea9f60496
                      • Instruction Fuzzy Hash: 7E9002A1B01501424140719848144066005E7F13023D6C116A0554561CC72889559369
                      Function 01492B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f9602060acbad77f7b58e071bd87eb3c33c50ede70e76274090ec57efd41038
                      • Instruction ID: 214cbdb501815a88e75808a0faae434451ca3715192d75c74f0cc72231c7d8a1
                      • Opcode Fuzzy Hash: 8f9602060acbad77f7b58e071bd87eb3c33c50ede70e76274090ec57efd41038
                      • Instruction Fuzzy Hash: F19002A170240103410571984424616400AD7F0202B96C022E1014591DC63589916225
                      Function 01492BE0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e15b64039148bff9978460ed5763cf4bfe64fde44e5650b9c342ca2dc4cea30
                      • Instruction ID: f4407893e278eb9e0ce11b0040a91b5a23023cde86b334c12301769214aaaf02
                      • Opcode Fuzzy Hash: 3e15b64039148bff9978460ed5763cf4bfe64fde44e5650b9c342ca2dc4cea30
                      • Instruction Fuzzy Hash: 6D90027170544942D14071984414A460015D7F0306F96C012A0064695DD7358E55B761
                      Function 01492BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6845d07d8fd5a12337ed16d50c9ac506afbbaa895ccdc91a34f781a093c73f96
                      • Instruction ID: 248a72d5e6dccb6fc39dd8a28341b9c52540532dd4002a30eb82e7c5ea00e58a
                      • Opcode Fuzzy Hash: 6845d07d8fd5a12337ed16d50c9ac506afbbaa895ccdc91a34f781a093c73f96
                      • Instruction Fuzzy Hash: 0590027170140902D1807198441464A0005D7F1302FD6C016A0025655DCB258B5977A1
                      Function 01492B80 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7298225acca113b90f8c2a81e4dcf06b686fd450e781780673c5753162975b66
                      • Instruction ID: 12f681d26348e54462e0e06f060c7c47ef0e8d6aecc782a8e364bc68e67972fc
                      • Opcode Fuzzy Hash: 7298225acca113b90f8c2a81e4dcf06b686fd450e781780673c5753162975b66
                      • Instruction Fuzzy Hash: 4B90027170140902D104719848146860005D7F0302F96C012A6024656ED77589917231
                      Function 01492BA0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3d6b0b6298529192aa75aa9de2f2874271f56b6490899fdbff49bff7308620ef
                      • Instruction ID: 512bbd381d26fa10e79476cb8e38033a2a5b8759c60f6300b90ad452e0db62bf
                      • Opcode Fuzzy Hash: 3d6b0b6298529192aa75aa9de2f2874271f56b6490899fdbff49bff7308620ef
                      • Instruction Fuzzy Hash: 02900271B0540902D150719844247460005D7F0302F96C012A0024655DC7658B5577A1
                      Function 01492AD0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 34e173144420aba75b02fa5e7861ae3ac35a0c3cc76d5979406c01e26f2aa996
                      • Instruction ID: 3e97b90a3f38ab03ab26f0d1ba1296d77f4360bf7a3dd9f956b3115d6e74374b
                      • Opcode Fuzzy Hash: 34e173144420aba75b02fa5e7861ae3ac35a0c3cc76d5979406c01e26f2aa996
                      • Instruction Fuzzy Hash: 4A900265711401030105B59807145070046D7F5352396C022F1015551CD73189615221
                      Function 01492AF0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0c31762d0cf89e481cfd23554b989fd35d0572f251c4f9986efb78159e92da05
                      • Instruction ID: 01a5e08dc4251f70d77dbb1ec282b4466a9604a95408d4a1c75849bbff8d92a6
                      • Opcode Fuzzy Hash: 0c31762d0cf89e481cfd23554b989fd35d0572f251c4f9986efb78159e92da05
                      • Instruction Fuzzy Hash: 34900265721401020145B598061450B0445E7F63523D6C016F1416591CC73189655321
                      Function 01492AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e929a68a5af871543ebd7bff81c8b3a7c24029bde2053a1099513f9ecde2d0c6
                      • Instruction ID: 40d364a53891189610a6c52aa2be3b23573937bf5cbaf2034ecb7d72f85a93f8
                      • Opcode Fuzzy Hash: e929a68a5af871543ebd7bff81c8b3a7c24029bde2053a1099513f9ecde2d0c6
                      • Instruction Fuzzy Hash: E99002E1701541924500B2988414B0A4505D7F0202B96C017E1054561CC63589519235
                      Function 01492D00 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4fe0d62c3bd08ff4389878e890571adfd2fe8dbc3cf0d1bff50e0d143b016921
                      • Instruction ID: 81ee6c73e3b972f9c92f9dd1aab706aae5e0fb896c418a59d1c45afec41ceba9
                      • Opcode Fuzzy Hash: 4fe0d62c3bd08ff4389878e890571adfd2fe8dbc3cf0d1bff50e0d143b016921
                      • Instruction Fuzzy Hash: 7290026170544542D10075985418A060005D7F0206F96D012A1064596DC7358951A231
                      Function 01492D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e62ed1392f3988701157f6e83ef0b0c3539abf107240a6c1e2c64bfef7f5c478
                      • Instruction ID: 1e8535d12770ca5bf595089fc4d3bdf8d109bd88c0a42223b721cf184b2b74ef
                      • Opcode Fuzzy Hash: e62ed1392f3988701157f6e83ef0b0c3539abf107240a6c1e2c64bfef7f5c478
                      • Instruction Fuzzy Hash: 1D90026971340102D1807198541860A0005D7F1203FD6D416A0015559CCA2589695321
                      Function 01492D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 98088d0795cf2f084330e5d27a421e11bc55a2eb01b5a09ad7971b5c342ad7be
                      • Instruction ID: f1263174403cceaaddc3429a215cf62437d440096cf144d96a5b7032c8abea5c
                      • Opcode Fuzzy Hash: 98088d0795cf2f084330e5d27a421e11bc55a2eb01b5a09ad7971b5c342ad7be
                      • Instruction Fuzzy Hash: 8C90026170140103D140719854286064005E7F1302F96D012E0414555CDA2589565322
                      Function 01492DD0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 29a2d9a53279541fd270573ca3c1014c9e5be273a03fade74a328b12bebbe251
                      • Instruction ID: 909af83a47e84992de757a2770193568f3a0446120a05f510ab4683c1a05d90e
                      • Opcode Fuzzy Hash: 29a2d9a53279541fd270573ca3c1014c9e5be273a03fade74a328b12bebbe251
                      • Instruction Fuzzy Hash: 04900261742442525545B19844145074006E7F02427D6C013A1414951CC6369956D721
                      Function 01492DB0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1148244293c0de2551412866b01111b40fab46b415b3355e907ecf1dac1327b5
                      • Instruction ID: 858047c53b809764f823c0fb1eb42998e526cbf0308166b515c290c9ed46f30d
                      • Opcode Fuzzy Hash: 1148244293c0de2551412866b01111b40fab46b415b3355e907ecf1dac1327b5
                      • Instruction Fuzzy Hash: 8490027174140502D141719844146060009E7F0242FD6C013A0424555EC7658B56AB61
                      Function 01492C60 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cbf2667a192d79ed8d6ab7b8c926c95fa0e32f3e301f84f4db2971ac95bfb464
                      • Instruction ID: ef2395f7543f3bf94f4f921256cfb19c199e84b0969347c4cc76f67372ed3bb3
                      • Opcode Fuzzy Hash: cbf2667a192d79ed8d6ab7b8c926c95fa0e32f3e301f84f4db2971ac95bfb464
                      • Instruction Fuzzy Hash: A090027170140942D10071984414B460005D7F0302F96C017A0124655DC725C9517621
                      Function 01492CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02b6089761da515acceae1b6aacb5ae1b4a9cd64711e4f7e17aa7e0d26cb4837
                      • Instruction ID: fd4b5ce407a552b6e8d510e4c4ff728429f3347bf7c487ceb4c9fde333753ae0
                      • Opcode Fuzzy Hash: 02b6089761da515acceae1b6aacb5ae1b4a9cd64711e4f7e17aa7e0d26cb4837
                      • Instruction Fuzzy Hash: 65900261B0540502D140719854287060015D7F0202F96D012A0024555DC7698B5567A1
                      Function 01492CF0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bbdbf8617276a1b677c84a21a259b9b07a98f1a501c5c307bb5b46c712f6c05f
                      • Instruction ID: aca26a6041b816cd1dd7be8a52f67ba07194858352ddeedd16f067ea013a143d
                      • Opcode Fuzzy Hash: bbdbf8617276a1b677c84a21a259b9b07a98f1a501c5c307bb5b46c712f6c05f
                      • Instruction Fuzzy Hash: 7590027170140503D100719855187070005D7F0202F96D412A0424559DD76689516221
                      Function 01492CA0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d644b3923389e1cce29c1b931fe93af4a666ce54f84e50551872d6afa932b691
                      • Instruction ID: dee7974523984d21f896dcd061df7cbb10a399444a8d42a9ae316aa6e6d72ea8
                      • Opcode Fuzzy Hash: d644b3923389e1cce29c1b931fe93af4a666ce54f84e50551872d6afa932b691
                      • Instruction Fuzzy Hash: 0090027170140502D10075D854186460005D7F0302F96D012A5024556EC77589916231
                      Function 01492F60 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 49f8df44dfa5c3ecef93017e024f77a82192ec2efddf5ab9c4354ae2b0f76eaa
                      • Instruction ID: cd36bb1672c13d7526e0e196904bfd4f75beb4a89e522625d16e83b3eb94eaf2
                      • Opcode Fuzzy Hash: 49f8df44dfa5c3ecef93017e024f77a82192ec2efddf5ab9c4354ae2b0f76eaa
                      • Instruction Fuzzy Hash: 5E9002A171140142D104719844147060045D7F1202F96C013A2154555CC6398D615225
                      Function 01492F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7fe1a89df56450e3d43a1af25608095ceea2609ae4f2c552dab6b763b526948f
                      • Instruction ID: a5bfa4107b570d0e533e18cca60e05dbfe438e235b0677b1715c6df1d891443b
                      • Opcode Fuzzy Hash: 7fe1a89df56450e3d43a1af25608095ceea2609ae4f2c552dab6b763b526948f
                      • Instruction Fuzzy Hash: 6D9002A174140542D10071984424B060005D7F1302F96C016E1064555DC729CD526226
                      Function 01492FE0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4aba9ff4159a87a364d68bfba6eaa859beb12041742aee25dee8f10d42f9f1bd
                      • Instruction ID: 27b9f215cd50cc8728b906d044d237e63b6d64371785ed326d0f0891708c2327
                      • Opcode Fuzzy Hash: 4aba9ff4159a87a364d68bfba6eaa859beb12041742aee25dee8f10d42f9f1bd
                      • Instruction Fuzzy Hash: 8D900261711C0142D20075A84C24B070005D7F0303F96C116A0154555CCA2589615621
                      Function 01492F90 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68dcd7403567a53fde573ade1348b0ab0f7005bb8b286e04a692c52d3df5ce86
                      • Instruction ID: d5fa5941de1404f273310fe5d7db4ddd01955d4fb76b655a6946000661d53203
                      • Opcode Fuzzy Hash: 68dcd7403567a53fde573ade1348b0ab0f7005bb8b286e04a692c52d3df5ce86
                      • Instruction Fuzzy Hash: E190027170180502D1007198482470B0005D7F0303F96C012A1164556DC73589516671
                      Function 01492FA0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1c73a512bb882aadaa0cbaabe513c00e3a9565b0d0252af5816445c2715370bb
                      • Instruction ID: 0d7292b67998e53f65d69ea8557991bf9c197b7a1ecc677ca2fe898dcca5a32e
                      • Opcode Fuzzy Hash: 1c73a512bb882aadaa0cbaabe513c00e3a9565b0d0252af5816445c2715370bb
                      • Instruction Fuzzy Hash: E590027170180502D100719848187470005D7F0303F96C012A5164556EC775C9916631
                      Function 01492FB0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6b46a7dd5ac5c6cb24b8150a6a10092f62cbdf23f4279628030cc5849d4b06f8
                      • Instruction ID: 3525f091d643b0dea68586645d89c792eeb6034d86dd2f130942750240f8be2e
                      • Opcode Fuzzy Hash: 6b46a7dd5ac5c6cb24b8150a6a10092f62cbdf23f4279628030cc5849d4b06f8
                      • Instruction Fuzzy Hash: 0D900261B0140142414071A888549064005FBF1212796C122A0998551DC66989655765
                      Function 01492E30 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d3a60b21d26eeff85bcb724085546bf71846b541d7e86898377341166c94c114
                      • Instruction ID: 11744b2f99d049d3b53fdfc73a6d4a11f3b0b35cb2c944459d8d15cd2c020648
                      • Opcode Fuzzy Hash: d3a60b21d26eeff85bcb724085546bf71846b541d7e86898377341166c94c114
                      • Instruction Fuzzy Hash: B190026170140502D102719844246060009D7F1346FD6C013E1424556DC7358A53A232
                      Function 01492EE0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6866a12f5176a8316dee3fbbb7034dfd61c30aaaae935bf08e6f558ddd27b36f
                      • Instruction ID: 609aa1be5db8575b174d83f7b7f27e6cc0ccfa5379c087d0eb9e408bfc9b1f05
                      • Opcode Fuzzy Hash: 6866a12f5176a8316dee3fbbb7034dfd61c30aaaae935bf08e6f558ddd27b36f
                      • Instruction Fuzzy Hash: 759002A170180503D140759848146070005D7F0303F96C012A2064556ECB398D516235
                      Function 01492E80 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f1d5c1957b89ac639f0296d826f790af975d2b44de240853c67838db2a119ffd
                      • Instruction ID: 34770c3b0affa20712222ca7de65f24c2677ff3a4db427c56b571f5943b343f9
                      • Opcode Fuzzy Hash: f1d5c1957b89ac639f0296d826f790af975d2b44de240853c67838db2a119ffd
                      • Instruction Fuzzy Hash: E3900261B0140602D10171984414616000AD7F0242FD6C023A1024556ECB358A92A231
                      Function 01492EA0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 107e3f1dafa1f5e1b0b99bcd7cc8e0cbd266d2c3f23999415aa3ecd4240bce0d
                      • Instruction ID: 8579face46b0b17957219d6ca740a3a83d12b49bad80cbba2a137a8bdb39c59e
                      • Opcode Fuzzy Hash: 107e3f1dafa1f5e1b0b99bcd7cc8e0cbd266d2c3f23999415aa3ecd4240bce0d
                      • Instruction Fuzzy Hash: 389002B170140502D140719844147460005D7F0302F96C012A5064555EC7698ED56765
                      Function 01493010 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fea742c2681d3df5548c92678dfdd978f697ed8b31e11440c9db7075e3b16c3a
                      • Instruction ID: 8873e1025716825b4911d4ce021195e4980375647b9aa3b6b51b390666338222
                      • Opcode Fuzzy Hash: fea742c2681d3df5548c92678dfdd978f697ed8b31e11440c9db7075e3b16c3a
                      • Instruction Fuzzy Hash: B590026170184542D14072984814B0F4105D7F1203FD6C01AA4156555CCA2589555721
                      Function 01493090 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4422d776cef5faaecdbe25cc36b67c7add257dce4ea65412a2d54b9b539f303e
                      • Instruction ID: a9e9a1484c51d46a4ff34d34406c958484e8cf567a96c21c48c79392f026cbb3
                      • Opcode Fuzzy Hash: 4422d776cef5faaecdbe25cc36b67c7add257dce4ea65412a2d54b9b539f303e
                      • Instruction Fuzzy Hash: 6E90026174140902D140719884247070006D7F0602F96C012A0024555DC7268A6567B1
                      Function 014939B0 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d80a7bec15992e516d1267299506ba36900592b8dfefce4f56ff64bb5a16ad7f
                      • Instruction ID: b3cb7a6c2e77995684d8f5d91f728d02ab7293b11e6a5fb9cbdf2125f0c97ce5
                      • Opcode Fuzzy Hash: d80a7bec15992e516d1267299506ba36900592b8dfefce4f56ff64bb5a16ad7f
                      • Instruction Fuzzy Hash: 9590026174545202D150719C44146164005F7F0202F96C022A0814595DC66589556321
                      Function 01493D70 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c4dba716caf5465d93c1a3d7eeb35c6324a3ce87d385d3d8742089caafe6869e
                      • Instruction ID: badcacf41342af77f7d41d273a00ae0a70d9019b352b657621b2abf84b866d16
                      • Opcode Fuzzy Hash: c4dba716caf5465d93c1a3d7eeb35c6324a3ce87d385d3d8742089caafe6869e
                      • Instruction Fuzzy Hash: 3C90027570140502D510719858146460046D7F0302F96D412A0424559DC76489A1A221
                      Function 01493D10 Relevance: .0, Instructions: 4COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5e8bd7db33877e0a2a9875c91dfba53f7a61c62e491ae3301835143a5465b0ba
                      • Instruction ID: 95e655a12bd527aafbe8b9c4c199ead7b8b3a91c64b60e3eb17baf17a05a4ec6
                      • Opcode Fuzzy Hash: 5e8bd7db33877e0a2a9875c91dfba53f7a61c62e491ae3301835143a5465b0ba
                      • Instruction Fuzzy Hash: 1590027170240242954072985814A4E4105D7F1303BD6D416A0015555CCA2489615321
                      Function 01492C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                      • Instruction ID: 62df735e50ffbd65ab8ae71135fd5760656fb03d914101c3c00f2803dbc8885b
                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                      • Instruction Fuzzy Hash:
                      Function 01492890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: b6f4c33e81fca075e1ddaaf5158087c3b01895cb9a439ea3cab724141f859c64
                      • Instruction ID: d484fc7999ec1b4bb5ae969cc3804231dd5c87084f21b37839be3532af1f6184
                      • Opcode Fuzzy Hash: b6f4c33e81fca075e1ddaaf5158087c3b01895cb9a439ea3cab724141f859c64
                      • Instruction Fuzzy Hash: 6D51D3A6A0411ABFDF11DB9D888097EFBB8BB18640764C22FE4A5D7651E374DE4087A0
                      Function 01502410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                      • API String ID: 48624451-2108815105
                      • Opcode ID: 56e0c483a55911315bf27ab936ceb9d8d1095301db0c19e216870d5bec53ac2c
                      • Instruction ID: 237db0c5f92e352e252d7f753ad4cba9b7f000e07bcbebcfc1098160abfd1fca
                      • Opcode Fuzzy Hash: 56e0c483a55911315bf27ab936ceb9d8d1095301db0c19e216870d5bec53ac2c
                      • Instruction Fuzzy Hash: 50510571A00646AFDF32DEDDC89487EBBF8FB44204F44885AE4D6DB681EA75DA008760
                      Function 01487630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                      Download Yara Rule
                      Strings
                      • Execute=1, xrefs: 014C4713
                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 014C4725
                      • ExecuteOptions, xrefs: 014C46A0
                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 014C4787
                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014C46FC
                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 014C4655
                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 014C4742
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                      • API String ID: 0-484625025
                      • Opcode ID: 5e55db71464e29a3278fcb6d596bd26d2a5185a515ce3b4326fff8b7a117bea4
                      • Instruction ID: 13ba9efd9f9f4af0539e6ec288c0ca4fc7a108b3887dcddb3c5ee2c1481b2f0d
                      • Opcode Fuzzy Hash: 5e55db71464e29a3278fcb6d596bd26d2a5185a515ce3b4326fff8b7a117bea4
                      • Instruction Fuzzy Hash: 325171356002097BEF20BBA5DCA5FAE3BA8EF54715F28009FD509A72B0D7719A46CF50
                      Function 01526940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                      • Instruction ID: 14eab879aa5d801ac683ba9f52d3ea0c28f63009e6a1854d2997af795a3e489d
                      • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                      • Instruction Fuzzy Hash: 51021272608352AFD705DF19C490A6EBBE5FFD9700F00892DF9994B2A4DB31E905CB52
                      Function 0149B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-$0$0
                      • API String ID: 1302938615-699404926
                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction ID: b46a20d253740b0a787cc83f25634115b5d57b110c95532b55cb41498b0bac73
                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                      • Instruction Fuzzy Hash: 1A81A070E052499EEF25CE6CE891FFEBFA1EF45320F18425BD855A73A1C63498418B92
                      Function 015020E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$[$]:%u
                      • API String ID: 48624451-2819853543
                      • Opcode ID: e2be7e0d282567891b4ed8382919137c51e541d6efbddc3828b63ec8f3c3ba61
                      • Instruction ID: 50ad3cc1a37035af1e00afc98b121ee0a9623da8d66670b67b5dbbf71debca27
                      • Opcode Fuzzy Hash: e2be7e0d282567891b4ed8382919137c51e541d6efbddc3828b63ec8f3c3ba61
                      • Instruction Fuzzy Hash: D421747AE00119ABDB11DFB9DC44AFEBBF8FF68644F45011AE915E7240E730D9058BA1
                      Function 0147F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                      Download Yara Rule
                      Strings
                      • RTL: Re-Waiting, xrefs: 014C031E
                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014C02E7
                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014C02BD
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                      • API String ID: 0-2474120054
                      • Opcode ID: e1fed0648de355802bd0bac579f8ad9e45c0a6a4c8bc93e9e467cc3f973c0455
                      • Instruction ID: 85bd15ed976c9e4c39c536e41fca8f875d98670d931041ea311d8f267f817e85
                      • Opcode Fuzzy Hash: e1fed0648de355802bd0bac579f8ad9e45c0a6a4c8bc93e9e467cc3f973c0455
                      • Instruction Fuzzy Hash: A6E18B34604742DFD725CF28C884B6ABBE1AB84714F140A1EF5A58B3B1D774D94ACB42
                      Function 0148BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                      Download Yara Rule
                      Strings
                      • RTL: Re-Waiting, xrefs: 014C7BAC
                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 014C7B7F
                      • RTL: Resource at %p, xrefs: 014C7B8E
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 0-871070163
                      • Opcode ID: a2f2d2e88a46d3d63dbf671fddb613b33761b3964a2c6b0f578ba10d1e9d2f0f
                      • Instruction ID: a2d71c2113955ef49fdbbee03b8281ef96d2b13dd11e9776227ea6a58c64c824
                      • Opcode Fuzzy Hash: a2f2d2e88a46d3d63dbf671fddb613b33761b3964a2c6b0f578ba10d1e9d2f0f
                      • Instruction Fuzzy Hash: EC4103353007029FD721DE29C850B2BB7E5EB98721F100A1FFA56D77A0DB31E4058B91
                      Function 0148B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                      Download Yara Rule
                      APIs
                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014C728C
                      Strings
                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 014C7294
                      • RTL: Re-Waiting, xrefs: 014C72C1
                      • RTL: Resource at %p, xrefs: 014C72A3
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                      • API String ID: 885266447-605551621
                      • Opcode ID: 05f97e27718808da0e20d6e130bdfb6c166d88618ff5d0f18efede53dde86351
                      • Instruction ID: 1e076b1c65554cd3bc9a7e84ab7aa3486feacb167f33349e4040fbcbbae9bdac
                      • Opcode Fuzzy Hash: 05f97e27718808da0e20d6e130bdfb6c166d88618ff5d0f18efede53dde86351
                      • Instruction Fuzzy Hash: BF41F435740602AFDB20DF2ACC41B6AB7A5FBA4B11F14061EF9559B360DB31F8468BD1
                      Function 01502300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: ___swprintf_l
                      • String ID: %%%u$]:%u
                      • API String ID: 48624451-3050659472
                      • Opcode ID: fb1d16efe34dc522490ea1bc9bf8ea3ec93a5a0581155f375dc73d266aca2442
                      • Instruction ID: ceeb5d07ee90efd3e8ea4384edccee05cad190aed182e10c1de236a0c3f8eca6
                      • Opcode Fuzzy Hash: fb1d16efe34dc522490ea1bc9bf8ea3ec93a5a0581155f375dc73d266aca2442
                      • Instruction Fuzzy Hash: 5D319872A002199FDB21DF6DCC44BEEB7F8FF54610F55455AE949E7280EB30DA448BA0
                      Function 01497D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID: __aulldvrm
                      • String ID: +$-
                      • API String ID: 1302938615-2137968064
                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction ID: 16fb851ac65fd6001d1a594101dccb03b50ac86c48e936fcd8b0cc1c61bc2973
                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                      • Instruction Fuzzy Hash: 5191B271E5020A9AEF24CF6DC891ABFBFA1AF44722F14461BE955A73E4D73089418F11
                      Function 01459126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.1872945700.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_1420000_WF2DL1l7E8.jbxd
                      Similarity
                      • API ID:
                      • String ID: $$@
                      • API String ID: 0-1194432280
                      • Opcode ID: 3d3f00d733be4e5f273f3448171b25acc3439b84cebcfb08ff6cc747251df61f
                      • Instruction ID: 5f393cf37a0b8945446f1b12b54370565d0cd5977a7f450d36be3b154d0295d5
                      • Opcode Fuzzy Hash: 3d3f00d733be4e5f273f3448171b25acc3439b84cebcfb08ff6cc747251df61f
                      • Instruction Fuzzy Hash: C38119B5D002699BDB31CB54CC44BEEBAB8AB18754F0441EBEA1DB7250D7709E85CFA0