Windows Analysis Report
wN7EPNiHSM.exe

Overview

General Information

Sample name: wN7EPNiHSM.exe
(renamed because original name is a hash value)
Original sample name: fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00.exe
Analysis ID: 1587724
MD5: 4e8944d70c0b6ade6eafea2d95434873
SHA1: 97b3b6c541a8685a3d4df1f2e7462eb6be42b0b2
SHA256: fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00
Tags: exe, user-adrian__luca
Infos:

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • wN7EPNiHSM.exe (PID: 7900 cmdline: "C:\Users\user\Desktop\wN7EPNiHSM.exe" MD5: 4E8944D70C0B6ADE6EAFEA2D95434873)
    • wN7EPNiHSM.exe (PID: 8048 cmdline: "C:\Users\user\Desktop\wN7EPNiHSM.exe" MD5: 4E8944D70C0B6ADE6EAFEA2D95434873)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: wN7EPNiHSM.exe PID: 7900 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.wN7EPNiHSM.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.wN7EPNiHSM.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
            No Sigma rule has matched
            No Suricata rule has matched

            AV Detection

            Source: wN7EPNiHSM.exeAvira: detected
            Source: wN7EPNiHSM.exeVirustotal: Detection: 84%
            Source: wN7EPNiHSM.exeReversingLabs: Detection: 84%
            Source: Yara matchFile source: 3.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: wN7EPNiHSM.exeJoe Sandbox ML: detected
            Source: wN7EPNiHSM.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: wN7EPNiHSM.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: wN7EPNiHSM.exe, 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: wN7EPNiHSM.exe, wN7EPNiHSM.exe, 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0042C8E3 NtClose,3_2_0042C8E3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0040AA86 NtAllocateVirtualMemory,3_2_0040AA86
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_016C2DF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_016C2C70
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C35C0 NtCreateMutant,LdrInitializeThunk,3_2_016C35C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C4340 NtSetContextThread,3_2_016C4340
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C4650 NtSuspendThread,3_2_016C4650
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2B60 NtClose,3_2_016C2B60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2BE0 NtQueryValueKey,3_2_016C2BE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2BF0 NtAllocateVirtualMemory,3_2_016C2BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2BA0 NtEnumerateValueKey,3_2_016C2BA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2B80 NtQueryInformationFile,3_2_016C2B80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2AF0 NtWriteFile,3_2_016C2AF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2AD0 NtReadFile,3_2_016C2AD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2AB0 NtWaitForSingleObject,3_2_016C2AB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2D30 NtUnmapViewOfSection,3_2_016C2D30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2D00 NtSetInformationFile,3_2_016C2D00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2D10 NtMapViewOfSection,3_2_016C2D10
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2DD0 NtDelayExecution,3_2_016C2DD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2DB0 NtEnumerateKey,3_2_016C2DB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2C60 NtCreateKey,3_2_016C2C60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2C00 NtQueryInformationProcess,3_2_016C2C00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2CF0 NtOpenProcess,3_2_016C2CF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2CC0 NtQueryVirtualMemory,3_2_016C2CC0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2CA0 NtQueryInformationToken,3_2_016C2CA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2F60 NtCreateProcessEx,3_2_016C2F60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2F30 NtCreateSection,3_2_016C2F30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2FE0 NtCreateFile,3_2_016C2FE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2FA0 NtQuerySection,3_2_016C2FA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2FB0 NtResumeThread,3_2_016C2FB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2F90 NtProtectVirtualMemory,3_2_016C2F90
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2E30 NtWriteVirtualMemory,3_2_016C2E30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2EE0 NtQueueApcThread,3_2_016C2EE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2EA0 NtAdjustPrivilegesToken,3_2_016C2EA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2E80 NtReadVirtualMemory,3_2_016C2E80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C3010 NtOpenDirectoryObject,3_2_016C3010
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C3090 NtSetValueKey,3_2_016C3090
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C39B0 NtGetContextThread,3_2_016C39B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C3D70 NtOpenThread,3_2_016C3D70
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C3D10 NtOpenProcessToken,3_2_016C3D10
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 0167B970 appears 280 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 016D7E54 appears 103 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 016FEA12 appears 86 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 0170F290 appears 105 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 016C5130 appears 58 times
            Source: wN7EPNiHSM.exe, 00000000.00000002.1408987087.00000000058D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1409783160.0000000007460000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1405626318.00000000040A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1389442632.00000000030E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1388101343.00000000011DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000000.1374193805.0000000000C42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTdjI.exe" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1405626318.00000000040F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000003.00000002.1992934707.000000000177D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exeBinary or memory string: OriginalFilenameTdjI.exe" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal80.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wN7EPNiHSM.exe.log
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMutant created: NULL
            Source: wN7EPNiHSM.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: dwrite.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: wN7EPNiHSM.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 0_2_055C56F8 push esp; retf 0_2_055C56F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_004050EB push eax; ret 3_2_004050F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00403270 push eax; ret 3_2_00403272
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0041F2E5 push ds; iretd 3_2_0041F320
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0041737C push FFFFFFD1h; iretd 3_2_0041739D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00415C43 push esi; iretd 3_2_00415C4E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00414447 push ebp; retf 3_2_00414448
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00414561 push edx; ret 3_2_00414568
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00413523 push es; retf 3_2_00413605
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00404E88 push 87AF7CBCh; retf 3_2_00404E96
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00404F63 push edi; retf 3_2_00404F64
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_00416782 push ds; iretd 3_2_00416785
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0040179F push edi; retf 3_2_004017A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016809AD push ecx; mov dword ptr [esp], ecx3_2_016809B6
            Source: wN7EPNiHSM.exeStatic PE information: section name: .text entropy: 7.555536758399242
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: wN7EPNiHSM.exe PID: 7900, type: MEMORYSTR
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: 1430000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: 30A0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: 2E60000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: 9360000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: 7C00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: A360000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Memory allocated: B360000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Code function: 3_2_016C096E rdtsc 3_2_016C096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe API coverage: 0.6 %
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe TID: 7920 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe TID: 8052 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe Code function: 3_2_00417973 LdrLoadDll,3_2_00417973
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B4588 mov eax, dword ptr fs:[00000030h]3_2_016B4588
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01682582 mov eax, dword ptr fs:[00000030h]3_2_01682582
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01682582 mov ecx, dword ptr fs:[00000030h]3_2_01682582
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE59C mov eax, dword ptr fs:[00000030h]3_2_016BE59C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170C460 mov ecx, dword ptr fs:[00000030h]3_2_0170C460
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AA470 mov eax, dword ptr fs:[00000030h]3_2_016AA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AA470 mov eax, dword ptr fs:[00000030h]3_2_016AA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AA470 mov eax, dword ptr fs:[00000030h]3_2_016AA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0173A456 mov eax, dword ptr fs:[00000030h]3_2_0173A456
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BE443 mov eax, dword ptr fs:[00000030h]3_2_016BE443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A245A mov eax, dword ptr fs:[00000030h]3_2_016A245A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167645D mov eax, dword ptr fs:[00000030h]3_2_0167645D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167C427 mov eax, dword ptr fs:[00000030h]3_2_0167C427
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167E420 mov eax, dword ptr fs:[00000030h]3_2_0167E420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167E420 mov eax, dword ptr fs:[00000030h]3_2_0167E420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167E420 mov eax, dword ptr fs:[00000030h]3_2_0167E420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01706420 mov eax, dword ptr fs:[00000030h]3_2_01706420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA430 mov eax, dword ptr fs:[00000030h]3_2_016BA430
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B8402 mov eax, dword ptr fs:[00000030h]3_2_016B8402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B8402 mov eax, dword ptr fs:[00000030h]3_2_016B8402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B8402 mov eax, dword ptr fs:[00000030h]3_2_016B8402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016804E5 mov ecx, dword ptr fs:[00000030h]3_2_016804E5
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170A4B0 mov eax, dword ptr fs:[00000030h]3_2_0170A4B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016864AB mov eax, dword ptr fs:[00000030h]3_2_016864AB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B44B0 mov ecx, dword ptr fs:[00000030h]3_2_016B44B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0173A49A mov eax, dword ptr fs:[00000030h]3_2_0173A49A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01688770 mov eax, dword ptr fs:[00000030h]3_2_01688770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01690770 mov eax, dword ptr fs:[00000030h]3_2_01690770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01704755 mov eax, dword ptr fs:[00000030h]3_2_01704755
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B674D mov esi, dword ptr fs:[00000030h]3_2_016B674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B674D mov eax, dword ptr fs:[00000030h]3_2_016B674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B674D mov eax, dword ptr fs:[00000030h]3_2_016B674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170E75D mov eax, dword ptr fs:[00000030h]3_2_0170E75D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680750 mov eax, dword ptr fs:[00000030h]3_2_01680750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2750 mov eax, dword ptr fs:[00000030h]3_2_016C2750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2750 mov eax, dword ptr fs:[00000030h]3_2_016C2750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC720 mov eax, dword ptr fs:[00000030h]3_2_016BC720
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC720 mov eax, dword ptr fs:[00000030h]3_2_016BC720
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B273C mov eax, dword ptr fs:[00000030h]3_2_016B273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B273C mov ecx, dword ptr fs:[00000030h]3_2_016B273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B273C mov eax, dword ptr fs:[00000030h]3_2_016B273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FC730 mov eax, dword ptr fs:[00000030h]3_2_016FC730
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC700 mov eax, dword ptr fs:[00000030h]3_2_016BC700
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680710 mov eax, dword ptr fs:[00000030h]3_2_01680710
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B0710 mov eax, dword ptr fs:[00000030h]3_2_016B0710
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A27ED mov eax, dword ptr fs:[00000030h]3_2_016A27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A27ED mov eax, dword ptr fs:[00000030h]3_2_016A27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A27ED mov eax, dword ptr fs:[00000030h]3_2_016A27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170E7E1 mov eax, dword ptr fs:[00000030h]3_2_0170E7E1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016847FB mov eax, dword ptr fs:[00000030h]3_2_016847FB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016847FB mov eax, dword ptr fs:[00000030h]3_2_016847FB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168C7C0 mov eax, dword ptr fs:[00000030h]3_2_0168C7C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017007C3 mov eax, dword ptr fs:[00000030h]3_2_017007C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016807AF mov eax, dword ptr fs:[00000030h]3_2_016807AF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017347A0 mov eax, dword ptr fs:[00000030h]3_2_017347A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0172678E mov eax, dword ptr fs:[00000030h]3_2_0172678E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA660 mov eax, dword ptr fs:[00000030h]3_2_016BA660
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA660 mov eax, dword ptr fs:[00000030h]3_2_016BA660
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0174866E mov eax, dword ptr fs:[00000030h]3_2_0174866E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0174866E mov eax, dword ptr fs:[00000030h]3_2_0174866E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B2674 mov eax, dword ptr fs:[00000030h]3_2_016B2674
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0169C640 mov eax, dword ptr fs:[00000030h]3_2_0169C640
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168262C mov eax, dword ptr fs:[00000030h]3_2_0168262C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B6620 mov eax, dword ptr fs:[00000030h]3_2_016B6620
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B8620 mov eax, dword ptr fs:[00000030h]3_2_016B8620
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0169E627 mov eax, dword ptr fs:[00000030h]3_2_0169E627
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE609 mov eax, dword ptr fs:[00000030h]3_2_016FE609
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C2619 mov eax, dword ptr fs:[00000030h]3_2_016C2619
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017006F1 mov eax, dword ptr fs:[00000030h]3_2_017006F1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017006F1 mov eax, dword ptr fs:[00000030h]3_2_017006F1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE6F2 mov eax, dword ptr fs:[00000030h]3_2_016FE6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE6F2 mov eax, dword ptr fs:[00000030h]3_2_016FE6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE6F2 mov eax, dword ptr fs:[00000030h]3_2_016FE6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE6F2 mov eax, dword ptr fs:[00000030h]3_2_016FE6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA6C7 mov ebx, dword ptr fs:[00000030h]3_2_016BA6C7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA6C7 mov eax, dword ptr fs:[00000030h]3_2_016BA6C7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC6A6 mov eax, dword ptr fs:[00000030h]3_2_016BC6A6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B66B0 mov eax, dword ptr fs:[00000030h]3_2_016B66B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01684690 mov eax, dword ptr fs:[00000030h]3_2_01684690
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01684690 mov eax, dword ptr fs:[00000030h]3_2_01684690
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C096E mov eax, dword ptr fs:[00000030h]3_2_016C096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C096E mov edx, dword ptr fs:[00000030h]3_2_016C096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016C096E mov eax, dword ptr fs:[00000030h]3_2_016C096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A6962 mov eax, dword ptr fs:[00000030h]3_2_016A6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A6962 mov eax, dword ptr fs:[00000030h]3_2_016A6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A6962 mov eax, dword ptr fs:[00000030h]3_2_016A6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01724978 mov eax, dword ptr fs:[00000030h]3_2_01724978
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01724978 mov eax, dword ptr fs:[00000030h]3_2_01724978
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170C97C mov eax, dword ptr fs:[00000030h]3_2_0170C97C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01754940 mov eax, dword ptr fs:[00000030h]3_2_01754940
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01700946 mov eax, dword ptr fs:[00000030h]3_2_01700946
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170892A mov eax, dword ptr fs:[00000030h]3_2_0170892A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0171892B mov eax, dword ptr fs:[00000030h]3_2_0171892B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170C912 mov eax, dword ptr fs:[00000030h]3_2_0170C912
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE908 mov eax, dword ptr fs:[00000030h]3_2_016FE908
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FE908 mov eax, dword ptr fs:[00000030h]3_2_016FE908
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01678918 mov eax, dword ptr fs:[00000030h]3_2_01678918
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01678918 mov eax, dword ptr fs:[00000030h]3_2_01678918
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170E9E0 mov eax, dword ptr fs:[00000030h]3_2_0170E9E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B29F9 mov eax, dword ptr fs:[00000030h]3_2_016B29F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B29F9 mov eax, dword ptr fs:[00000030h]3_2_016B29F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0174A9D3 mov eax, dword ptr fs:[00000030h]3_2_0174A9D3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017169C0 mov eax, dword ptr fs:[00000030h]3_2_017169C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0168A9D0 mov eax, dword ptr fs:[00000030h]3_2_0168A9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B49D0 mov eax, dword ptr fs:[00000030h]3_2_016B49D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017089B3 mov esi, dword ptr fs:[00000030h]3_2_017089B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017089B3 mov eax, dword ptr fs:[00000030h]3_2_017089B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017089B3 mov eax, dword ptr fs:[00000030h]3_2_017089B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016809AD mov eax, dword ptr fs:[00000030h]3_2_016809AD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016809AD mov eax, dword ptr fs:[00000030h]3_2_016809AD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016929A0 mov eax, dword ptr fs:[00000030h]3_2_016929A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01716870 mov eax, dword ptr fs:[00000030h]3_2_01716870
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01716870 mov eax, dword ptr fs:[00000030h]3_2_01716870
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170E872 mov eax, dword ptr fs:[00000030h]3_2_0170E872
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170E872 mov eax, dword ptr fs:[00000030h]3_2_0170E872
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01692840 mov ecx, dword ptr fs:[00000030h]3_2_01692840
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01684859 mov eax, dword ptr fs:[00000030h]3_2_01684859
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01684859 mov eax, dword ptr fs:[00000030h]3_2_01684859
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016B0854 mov eax, dword ptr fs:[00000030h]3_2_016B0854
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0172483A mov eax, dword ptr fs:[00000030h]3_2_0172483A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0172483A mov eax, dword ptr fs:[00000030h]3_2_0172483A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BA830 mov eax, dword ptr fs:[00000030h]3_2_016BA830
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov eax, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov eax, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov eax, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov ecx, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov eax, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A2835 mov eax, dword ptr fs:[00000030h]3_2_016A2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170C810 mov eax, dword ptr fs:[00000030h]3_2_0170C810
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0174A8E4 mov eax, dword ptr fs:[00000030h]3_2_0174A8E4
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC8F9 mov eax, dword ptr fs:[00000030h]3_2_016BC8F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016BC8F9 mov eax, dword ptr fs:[00000030h]3_2_016BC8F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AE8C0 mov eax, dword ptr fs:[00000030h]3_2_016AE8C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_017508C0 mov eax, dword ptr fs:[00000030h]3_2_017508C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170C89D mov eax, dword ptr fs:[00000030h]3_2_0170C89D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680887 mov eax, dword ptr fs:[00000030h]3_2_01680887
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0167CB7E mov eax, dword ptr fs:[00000030h]3_2_0167CB7E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0172EB50 mov eax, dword ptr fs:[00000030h]3_2_0172EB50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01752B57 mov eax, dword ptr fs:[00000030h]3_2_01752B57
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01752B57 mov eax, dword ptr fs:[00000030h]3_2_01752B57
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01752B57 mov eax, dword ptr fs:[00000030h]3_2_01752B57
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01752B57 mov eax, dword ptr fs:[00000030h]3_2_01752B57
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01728B42 mov eax, dword ptr fs:[00000030h]3_2_01728B42
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01716B40 mov eax, dword ptr fs:[00000030h]3_2_01716B40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01716B40 mov eax, dword ptr fs:[00000030h]3_2_01716B40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0174AB40 mov eax, dword ptr fs:[00000030h]3_2_0174AB40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01734B4B mov eax, dword ptr fs:[00000030h]3_2_01734B4B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01734B4B mov eax, dword ptr fs:[00000030h]3_2_01734B4B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AEB20 mov eax, dword ptr fs:[00000030h]3_2_016AEB20
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AEB20 mov eax, dword ptr fs:[00000030h]3_2_016AEB20
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01748B28 mov eax, dword ptr fs:[00000030h]3_2_01748B28
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01748B28 mov eax, dword ptr fs:[00000030h]3_2_01748B28
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016FEB1D mov eax, dword ptr fs:[00000030h]3_2_016FEB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01754B00 mov eax, dword ptr fs:[00000030h]3_2_01754B00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0170CBF0 mov eax, dword ptr fs:[00000030h]3_2_0170CBF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016AEBFC mov eax, dword ptr fs:[00000030h]3_2_016AEBFC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01688BF0 mov eax, dword ptr fs:[00000030h]3_2_01688BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01688BF0 mov eax, dword ptr fs:[00000030h]3_2_01688BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01688BF0 mov eax, dword ptr fs:[00000030h]3_2_01688BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A0BCB mov eax, dword ptr fs:[00000030h]3_2_016A0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A0BCB mov eax, dword ptr fs:[00000030h]3_2_016A0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_016A0BCB mov eax, dword ptr fs:[00000030h]3_2_016A0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_0172EBD0 mov eax, dword ptr fs:[00000030h]3_2_0172EBD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680BCD mov eax, dword ptr fs:[00000030h]3_2_01680BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680BCD mov eax, dword ptr fs:[00000030h]3_2_01680BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 3_2_01680BCD mov eax, dword ptr fs:[00000030h]3_2_01680BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Process created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Users\user\Desktop\wN7EPNiHSM.exe VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 3.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match, File source: 3.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Source | Detection | Scanner | Label
            wN7EPNiHSM.exe | 85% | Virustotal |
            wN7EPNiHSM.exe | 84% | ReversingLabs | Win32.Trojan.Jalapeno
            wN7EPNiHSM.exe | 100% | Avira | HEUR/AGEN.1363068
            wN7EPNiHSM.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high
              No contacted IP infos
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1587724
              Start date and time:2025-01-10 17:24:22 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 0s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:8
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:wN7EPNiHSM.exe
              renamed because original name is a hash value
              Original Sample Name:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00.exe
              Detection:MAL
              Classification:mal80.troj.evad.winEXE@3/1@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 96%
              • Number of executed functions: 27
              • Number of non-executed functions: 269
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.253.45, 184.28.90.27, 52.149.20.212, 20.109.210.53
              • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
              • Not all processes were analyzed, report is missing behavior information
              Time | Type | Description
              11:25:26 | API Interceptor | 4x Sleep call for process: wN7EPNiHSM.exe modified
              No context
              Process:C:\Users\user\Desktop\wN7EPNiHSM.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.5504484053447385
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:wN7EPNiHSM.exe
              File size:861'696 bytes
              MD5:4e8944d70c0b6ade6eafea2d95434873
              SHA1:97b3b6c541a8685a3d4df1f2e7462eb6be42b0b2
              SHA256:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00
              SHA512:8304633df914456f308004d7e45ed311528b06b7e685a331cb8a5ab7340bf744141473b6f463b3404e77510ccef8fc970080c07310fabb22e9cc9f1925b543a3
              SSDEEP:12288:QDkX1pKPhri+0uT6xakSev7R6fdT1P2RJNK8azs1EEUwhHmXVQv81:QAXaU+58SevUZ92oN2EjIGFQv81
              TLSH:DD0501B855B9C01EC4696B7586F2F2B912246FDD6B01E3CF5BC97EEBB823A0548443C1
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....hg..............0..............:... ...@....@.. ....................................@................................
              Icon Hash:90cececece8e8eb0
              Entrypoint:0x4d3aee
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x6768B014 [Mon Dec 23 00:34:28 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd3a9c | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x59c | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd6000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xd1b74 | 0xd1c00 | b0cec5f2b39e3baee8675b46efc92d4d | False | 0.8182383231525626 | data | 7.555536758399242 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xd4000 | 0x59c | 0x600 | 3157639e86f1fcc9ef115b4fbdbebbf4 | False | 0.4153645833333333 | data | 4.09928229529802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xd6000 | 0xc | 0x200 | 6dc8ce20d2e41fecd48b24f259e4e5b0 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_VERSION | 0xd4090 | 0x30c | data | | | 0.42435897435897435
              RT_MANIFEST | 0xd43ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
              DLL | Import
              mscoree.dll | _CorExeMain
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Jan 10, 2025 17:25:21.849807978 CET | 1.1.1.1 | 192.168.2.11 | 0x2ce8 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
              Jan 10, 2025 17:25:21.849807978 CET | 1.1.1.1 | 192.168.2.11 | 0x2ce8 | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Jan 10, 2025 17:25:21.849807978 CET | 1.1.1.1 | 192.168.2.11 | 0x2ce8 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | | 13.107.253.45 | A (IP address) | IN (0x0001) | false


              Target ID:0
              Start time:11:25:25
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\wN7EPNiHSM.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\wN7EPNiHSM.exe"
              Imagebase:0xc20000
              File size:861'696 bytes
              MD5 hash:4E8944D70C0B6ADE6EAFEA2D95434873
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:3
              Start time:11:25:26
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\wN7EPNiHSM.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\wN7EPNiHSM.exe"
              Imagebase:0xc30000
              File size:861'696 bytes
              MD5 hash:4E8944D70C0B6ADE6EAFEA2D95434873
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1992586361.0000000001580000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true


                Execution Graph

                Execution Coverage:8.3%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:27
                Total number of Limit Nodes:3

                Control-flow Graph

                Memory Dump Source
                • Source File: 00000000.00000002.1388823180.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1430000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c0a80a0756c755aa63854ec289462c7a731707cce868f6c1d0476d36df9a0c9
                • Instruction ID: 839b3999bcfd3ff4d0fb55965dde9b31b43df3c528d48ee1ae885a65e93cf176
                • Opcode Fuzzy Hash: 6c0a80a0756c755aa63854ec289462c7a731707cce868f6c1d0476d36df9a0c9
                • Instruction Fuzzy Hash: 1223E070D00629CFDB20EF28D854A99BBB1FF89301F1086E9D849B7694EB356AD5CF41
                Memory Dump Source
                • Source File: 00000000.00000002.1408201741.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_55c0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1449de396ee978361f26b7709ca6ccbae30d42b7ca03ed0ef23a02d460d6b14
                • Instruction ID: acedd1cc760ef8d835531818ab1c0158d6e4db3421da28654b40dc214c9daac6
                • Opcode Fuzzy Hash: e1449de396ee978361f26b7709ca6ccbae30d42b7ca03ed0ef23a02d460d6b14
                • Instruction Fuzzy Hash: 2152C574E052198FDB24CFA9C980BEEFBF2BF89300F1485A9D419A7255D734AA85CF50

                Control-flow Graph

                • Executed
                • Not Executed
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0143F026
                Memory Dump Source
                • Source File: 00000000.00000002.1388823180.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1430000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 6550965090bab1f42236e72ea124a4c261596bf29852520c3aeda3dd653ded6d
                • Instruction ID: c95a25a8147f09c761370dbb9eee4ed4489db7dd4f1a3eac2ca4dba57c4f05d3
                • Opcode Fuzzy Hash: 6550965090bab1f42236e72ea124a4c261596bf29852520c3aeda3dd653ded6d
                • Instruction Fuzzy Hash: 378154B0A01B058FD725DF2AD04575BBBF1FF88214F00892ED58AE7B61D774E8498B91

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1734 143590c-14359d9 CreateActCtxA 1736 14359e2-1435a3c 1734->1736 1737 14359db-14359e1 1734->1737 1744 1435a4b-1435a4f 1736->1744 1745 1435a3e-1435a41 1736->1745 1737->1736 1746 1435a51-1435a5d 1744->1746 1747 1435a60 1744->1747 1745->1744 1746->1747 1749 1435a61 1747->1749 1749->1749
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 014359C9
                Memory Dump Source
                • Source File: 00000000.00000002.1388823180.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1430000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: f5761cc348069e7383566c321c236273ec4ed09387275f4627379d6afeba631f
                • Instruction ID: e82632e11d7842201f48a65eda3a4019e912a31b9768c5b702d8bfea284ce008
                • Opcode Fuzzy Hash: f5761cc348069e7383566c321c236273ec4ed09387275f4627379d6afeba631f
                • Instruction Fuzzy Hash: 6541C1B1C00719CFDB24DFA9C884A9EBBB5BF89304F20815AD409AB265DB75694ACF50

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1750 14344c4-14359d9 CreateActCtxA 1753 14359e2-1435a3c 1750->1753 1754 14359db-14359e1 1750->1754 1761 1435a4b-1435a4f 1753->1761 1762 1435a3e-1435a41 1753->1762 1754->1753 1763 1435a51-1435a5d 1761->1763 1764 1435a60 1761->1764 1762->1761 1763->1764 1766 1435a61 1764->1766 1766->1766
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 014359C9
                Memory Dump Source
                • Source File: 00000000.00000002.1388823180.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1430000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 8dfb90b5ccb129ec78a541465ddab6b306bb1836fa16b540d201a27c0fad9237
                • Instruction ID: 28ecb2e5ae392d84812a2fdb907481110ae998041e19e4286d3a5da743d5bc7f
                • Opcode Fuzzy Hash: 8dfb90b5ccb129ec78a541465ddab6b306bb1836fa16b540d201a27c0fad9237
                • Instruction Fuzzy Hash: 5D41D1B0C0071DCBDB24DFA9C884B9EBBF5BF89304F20815AD409AB265DB756946CF90

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1767 7403310-7403364 1768 7403366-740336c 1767->1768 1769 740336f-740337e 1767->1769 1768->1769 1770 7403380 1769->1770 1771 7403383-74033bc DrawTextExW 1769->1771 1770->1771 1772 74033c5-74033e2 1771->1772 1773 74033be-74033c4 1771->1773 1773->1772
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 074033AF
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                • Opcode ID: 9318caf5c20ade72fb5ce9a71c5b1d6b2d54907bbf23c22b3dd2375074442060
                • Instruction ID: eac874c6cc519f05f2ddec8be91d2c916d6b19a0b505b9ce7bd254ca6f0e1af6
                • Opcode Fuzzy Hash: 9318caf5c20ade72fb5ce9a71c5b1d6b2d54907bbf23c22b3dd2375074442060
                • Instruction Fuzzy Hash: 4F31BFB59002099FDB10CF9AD884ADEFBF5FB48320F14842EE919A7350D774A944CFA0

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1776 7403318-7403364 1777 7403366-740336c 1776->1777 1778 740336f-740337e 1776->1778 1777->1778 1779 7403380 1778->1779 1780 7403383-74033bc DrawTextExW 1778->1780 1779->1780 1781 74033c5-74033e2 1780->1781 1782 74033be-74033c4 1780->1782 1782->1781
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 074033AF
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                • Opcode ID: a95601f7649b5941bfc7209f59c7db941b18a9bd81e6a4dffaf7407fb97798cd
                • Instruction ID: 2209fdfd5fae929fa67cefc16b87bb1207eb649c17f55fd2e54fa58db56f9cd0
                • Opcode Fuzzy Hash: a95601f7649b5941bfc7209f59c7db941b18a9bd81e6a4dffaf7407fb97798cd
                • Instruction Fuzzy Hash: 1021AEB590020A9FDB10CF9AD884ADEBBF5FB48320F14842EE919A7350D775A944CFA4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1785 143efc0-143f000 1786 143f002-143f005 1785->1786 1787 143f008-143f033 GetModuleHandleW 1785->1787 1786->1787 1788 143f035-143f03b 1787->1788 1789 143f03c-143f050 1787->1789 1788->1789
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0143F026
                Memory Dump Source
                • Source File: 00000000.00000002.1388823180.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1430000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 8e7224b435db689faa135f3694d21df68cffa621d9beff55dc230a7f500a4f8f
                • Instruction ID: 5193fb9a3077dd010b484ad61562636453bc8de1289f7ee377d621c236301518
                • Opcode Fuzzy Hash: 8e7224b435db689faa135f3694d21df68cffa621d9beff55dc230a7f500a4f8f
                • Instruction Fuzzy Hash: 4411D2B6C002498FDB24CF9AD944A9EFBF4EB89214F14841AD519A7210C379A549CFA5
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07407099,?,?), ref: 07407240
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: ed51de52206e09be20d6221c9765876a4fe0e008b16f9500bc65f21b1907db71
                • Instruction ID: 558309c3cca1bb133e5f6f832e09f752c50a7350374835d94e493f212e9f6781
                • Opcode Fuzzy Hash: ed51de52206e09be20d6221c9765876a4fe0e008b16f9500bc65f21b1907db71
                • Instruction Fuzzy Hash: 8B1125B6800349CFCB20DF9AD544BDEBBF4EB48320F14842AE958A7340D738A944CFA5
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07407099,?,?), ref: 07407240
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: df8cbd45282d94e506565303a481efc43926a4f2916c523425b8a1135e7ac83b
                • Instruction ID: a4bf5e7fd9c49d4fddc6a0b1bb20e6e4d5bfa16a9930f70d6f262f0d362ef387
                • Opcode Fuzzy Hash: df8cbd45282d94e506565303a481efc43926a4f2916c523425b8a1135e7ac83b
                • Instruction Fuzzy Hash: 0D11E3B6800349DFDB20DF9AD545BDEBBF4EB48320F14841AD968A7241D738A944CFA5
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Hiq$Hiq$Hiq$Hiq$Hiq
                • API String ID: 0-1376665358
                • Opcode ID: f76544b678975bdd50c60c0a5089862e4200f0e85f394d69be2e899e6e322b49
                • Instruction ID: 0b38076728d1b0abd51f411ef1b0a450cf6deb37047642466b3b461c5dc62510
                • Opcode Fuzzy Hash: f76544b678975bdd50c60c0a5089862e4200f0e85f394d69be2e899e6e322b49
                • Instruction Fuzzy Hash: 31328EB0E002598FDB54DFA9C85079EBBF2BFC9300F14856AD50AAB395DB349D81CB91
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1409646461.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7400000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LReq
                • API String ID: 0-2687900687
                • Opcode ID: 5d61f1378512300f9a35908553fdc0bfc1b6dcfbe06ca3b40b3bcb49f7619495
                • Instruction ID: d065158e71482f979c118efb3cb2db90d70cbc87c150e00a5730544271264845
                • Opcode Fuzzy Hash: 5d61f1378512300f9a35908553fdc0bfc1b6dcfbe06ca3b40b3bcb49f7619495
                • Instruction Fuzzy Hash: 8441D0B1A14215CFC7108F69E8846FBB7B1EF89705F04867BE4168A2D1D378D942D7E2

                Execution Graph

                Execution Coverage:0.7%
                Dynamic/Decrypted Code Coverage:5.8%
                Signature Coverage:9.7%
                Total number of Nodes:103
                Total number of Limit Nodes:8

                Control-flow Graph

                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179E5
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                • Instruction ID: 323f89a42f38ea3497f3970b352b260b71411728b8fd7408dcac9773fc2b6fba
                • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                • Instruction Fuzzy Hash: 45015EB1E4020DBBDF10DAA5DC42FDEB7789B54308F4041AAE90897241F635EB588B95

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 25 42c8e3-42c91f call 4046e3 call 42db23 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C91A
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 1d10642a27bc0e5df660e21782aed2f5f7ca33b2a92859ff1fb4c9ff2df5d239
                • Instruction ID: f4ea3f721504e19aaa1cfae9f58be35606ded5cddfc2611419a9eff57343eac7
                • Opcode Fuzzy Hash: 1d10642a27bc0e5df660e21782aed2f5f7ca33b2a92859ff1fb4c9ff2df5d239
                • Instruction Fuzzy Hash: 58E04F362006147BD220AA5ADC01FEB776CDFC5714F00442AFA086B241CA75790087F4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 40 16c2df0-16c2dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 52780c8a72e85d9835ca1b116b980fb303374b5de293c6db2f7804c7918baf9b
                • Instruction ID: c08cc37efb45ac937da0324ac085d13602222ffee93ebb85978017cb70a5c62a
                • Opcode Fuzzy Hash: 52780c8a72e85d9835ca1b116b980fb303374b5de293c6db2f7804c7918baf9b
                • Instruction Fuzzy Hash: 2C90023560141413D11175584908707001D97D0241F99C412E4424658ED6568A52A222

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 39 16c2c70-16c2c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: b2f23cc41955ccb0005ba343f715396ae93ea391076284033edc928fa1198a44
                • Instruction ID: 9f76db68e0d6ef23339480440f72e58aafad3f8f2f0762cc4be90da9c83e1eda
                • Opcode Fuzzy Hash: b2f23cc41955ccb0005ba343f715396ae93ea391076284033edc928fa1198a44
                • Instruction Fuzzy Hash: AE90023560149802D1107558880874B001997D0301F5DC411E8424758EC69589917222

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 41 16c35c0-16c35cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 42e6f88239fb6a209d781627474924264e4a21bd5992bb54db47d5421db39d6a
                • Instruction ID: 30d2f42a36a47d64f1c38753d2dbe37a3321b25684d6616e6467f17a68d220e9
                • Opcode Fuzzy Hash: 42e6f88239fb6a209d781627474924264e4a21bd5992bb54db47d5421db39d6a
                • Instruction Fuzzy Hash: 5D900235A0551402D10075584918707101997D0201F69C411E4424668EC7958A5166A3

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 20 42cc53-42cc94 call 4046e3 call 42db23 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,DC6F212F,00000007,00000000,00000004,00000000,004171E2,000000F4), ref: 0042CC8F
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0

                Control-flow Graph

                control_flow_graph 15 42cc03-42cc47 call 4046e3 call 42db23 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E734,?,?,00000000,?,0041E734,?,?,?), ref: 0042CC42
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0

                Control-flow Graph

                control_flow_graph 30 42cca3-42ccdf call 4046e3 call 42db23 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0

                Control-flow Graph

                control_flow_graph 35 16c2c0a-16c2c0f 36 16c2c1f-16c2c26 LdrInitializeThunk 35->36 37 16c2c11-16c2c18 35->37
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                Strings
                • Critical section address, xrefs: 016F5425, 016F54BC, 016F5534
                • Invalid debug info address of this critical section, xrefs: 016F54B6
                • Thread identifier, xrefs: 016F553A
                • undeleted critical section in freed memory, xrefs: 016F542B
                • corrupted critical section, xrefs: 016F54C2
                • 8, xrefs: 016F52E3
                • Thread is in a state in which it cannot own a critical section, xrefs: 016F5543
                • double initialized or corrupted critical section, xrefs: 016F5508
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016F54E2
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016F540A, 016F5496, 016F5519
                • Critical section address., xrefs: 016F5502
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016F54CE
                • Critical section debug info address, xrefs: 016F541F, 016F552E
                • Address of the debug info found in the active list., xrefs: 016F54AE, 016F54FA
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                Strings
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016F24C0
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 016F261F
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016F25EB
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016F2409
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016F22E4
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016F2506
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016F2602
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016F2624
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016F2498
                • @, xrefs: 016F259B
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016F2412
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                Strings
                • VerifierDebug, xrefs: 01708CA5
                • VerifierFlags, xrefs: 01708C50
                • HandleTraces, xrefs: 01708C8F
                • VerifierDlls, xrefs: 01708CBD
                • AVRF: -*- final list of providers -*- , xrefs: 01708B8F
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01708A3D
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01708A67
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                Strings
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016D99ED
                • apphelp.dll, xrefs: 01676496
                • LdrpInitShimEngine, xrefs: 016D99F4, 016D9A07, 016D9A30
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016D9A2A
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 016D9A01
                • minkernel\ntdll\ldrinit.c, xrefs: 016D9A11, 016D9A3A
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                Strings
                • SXS: %s() passed the empty activation context, xrefs: 016F2165
                • RtlGetAssemblyStorageRoot, xrefs: 016F2160, 016F219A, 016F21BA
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 016F2180
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016F21BF
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 016F2178
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 016F219F
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                Strings
                • Loading import redirection DLL: '%wZ', xrefs: 016F8170
                • LdrpInitializeImportRedirection, xrefs: 016F8177, 016F81EB
                • LdrpInitializeProcess, xrefs: 016BC6C4
                • minkernel\ntdll\ldrinit.c, xrefs: 016BC6C3
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 016F81E5
                • minkernel\ntdll\ldrredirect.c, xrefs: 016F8181, 016F81F5
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                APIs
                  • Part of subcall function 016C2DF0: LdrInitializeThunk.NTDLL ref: 016C2DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016C0BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016C0BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016C0D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016C0D74
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                Strings
                • @, xrefs: 016B8591
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 016B855E
                • LdrpInitializeProcess, xrefs: 016B8422
                • minkernel\ntdll\ldrinit.c, xrefs: 016B8421
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                Strings
                • SXS: %s() passed the empty activation context, xrefs: 016F21DE
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016F22B6
                • .Local, xrefs: 016B28D8
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016F21D9, 016F22B1
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                Strings
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 016F342A
                • RtlDeactivateActivationContext, xrefs: 016F3425, 016F3432, 016F3451
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 016F3456
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 016F3437
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                Strings
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 016E0FE5
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 016E1028
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016E10AE
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 016E106B
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                Strings
                • apphelp.dll, xrefs: 016A2462
                • LdrpDynamicShimModule, xrefs: 016EA998
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 016EA992
                • minkernel\ntdll\ldrinit.c, xrefs: 016EA9A2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                Strings
                • HEAP: , xrefs: 01693264
                • HEAP[%wZ]: , xrefs: 01693255
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0169327D
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                Strings
                • LdrpCheckModule, xrefs: 016EA117
                • Failed to allocated memory for shimmed module list, xrefs: 016EA10F
                • minkernel\ntdll\ldrinit.c, xrefs: 016EA121
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                Strings
                • LdrpInitializePerUserWindowsDirectory, xrefs: 016F82DE
                • minkernel\ntdll\ldrinit.c, xrefs: 016F82E8
                • Failed to reallocate the system dirs string !, xrefs: 016F82D7
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                Strings
                • @, xrefs: 0173C1F1
                • PreferredUILanguages, xrefs: 0173C212
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0173C1C5
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                Strings
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01704888
                • LdrpCheckRedirection, xrefs: 0170488F
                • minkernel\ntdll\ldrredirect.c, xrefs: 01704899
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                Strings
                • LdrpInitializationFailure, xrefs: 017020FA
                • Process initialization failed with status 0x%08lx, xrefs: 017020F3
                • minkernel\ntdll\ldrinit.c, xrefs: 01702104
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                Strings
                • LdrResSearchResource Enter, xrefs: 0168AA13
                • LdrResSearchResource Exit, xrefs: 0168AA25
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                Strings
                • kLsE, xrefs: 01680540
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0168063D
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                Strings
                • RtlpResUltimateFallbackInfo Enter, xrefs: 0168A2FB
                • RtlpResUltimateFallbackInfo Exit, xrefs: 0168A309
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0170895E
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee9df429e9d4f3c1ca86caa7c7a9c906e1ad19b03d599fc895d55f2a7b9da696
                • Instruction ID: fc590ba19f538b5972a660844080ddbbd0ab68cc5ee6b5ecdd05a89d9e18b8e8
                • Opcode Fuzzy Hash: ee9df429e9d4f3c1ca86caa7c7a9c906e1ad19b03d599fc895d55f2a7b9da696
                • Instruction Fuzzy Hash: 33E1C271509342CFC715EF28C890A6ABBE1FF89308F058A6DF59987351EB31E945CB92
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b3993da260105dd6ab1670eca49f04b50d0cbff386c73667b6d94338130ffb8
                • Instruction ID: cb35749f79d8c6fde73ccf717da3f59f7bb8cf8ee635a05e7ee57f14faf8a04f
                • Opcode Fuzzy Hash: 4b3993da260105dd6ab1670eca49f04b50d0cbff386c73667b6d94338130ffb8
                • Instruction Fuzzy Hash: 20D1F171A002169BDB14DF28CC84EBEB7AAFF54304F05862DEA16DB284EB30ED51CB50
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction ID: 01434741cfa0d3d26364d850823702b2d6029b562c8e9a9141c7c990b932c3a9
                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction Fuzzy Hash: A2B17D75E00705EFDB26DF98C940AABFBFAAF84304F10446DAA029B7D5DA34E905CB11
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction ID: 9a757c183ae43d078c27c9befe8af13e1a91377da0b33a7c5223ef966751aa1d
                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction Fuzzy Hash: E9B1F631601646AFDF25DB68CD54BBEBBFEAF84204F244259E652DB381DB30D942CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b9ddcde1f051be3de3f43b47e2a45288296e32b65f5691c70845a99c012221b
                • Instruction ID: e4913cc07c94cbba3e05b63c087ee1a75982a237a562238fc0d633d408408da6
                • Opcode Fuzzy Hash: 5b9ddcde1f051be3de3f43b47e2a45288296e32b65f5691c70845a99c012221b
                • Instruction Fuzzy Hash: E6C15875208341CFD764DF18C884BAAB7E9BF88704F444A2DE98987391D774E909CFA2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee16835c79877ef7e0ca64cd8e72d4ade692af215ddc334973bd95d3510acafb
                • Instruction ID: 4031c113fcbfcf6972f76cfefaa870915f9d9480ebb5c2214b8622095f7142de
                • Opcode Fuzzy Hash: ee16835c79877ef7e0ca64cd8e72d4ade692af215ddc334973bd95d3510acafb
                • Instruction Fuzzy Hash: BFB16170A002668BEB24DF68CC90BA9B7B6EF44704F1485E9D50AE7341EB71DD86CF24
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c65ac97e8fa8a7741957a540a6def4d1e0c55e76208b66efdb16aef3cca8278
                • Instruction ID: 126cbfbebccdfc33ddc98c08b098de43e87c41eb6cdbba3fffc7af1211eac06c
                • Opcode Fuzzy Hash: 2c65ac97e8fa8a7741957a540a6def4d1e0c55e76208b66efdb16aef3cca8278
                • Instruction Fuzzy Hash: 7CA11531E016259FEB21DB6CCC48BAEBBF5EB04B14F1502A9EA00AB3D1D7749D41CB91
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 642af12dfd179ca5ceab33830eb169967705f3ba542fd2cacc168187aff01548
                • Instruction ID: 6d7fa08407b5b224b2960923a32088e43aec8a07c9cb465363fecf4c44f15ffa
                • Opcode Fuzzy Hash: 642af12dfd179ca5ceab33830eb169967705f3ba542fd2cacc168187aff01548
                • Instruction Fuzzy Hash: A8A19074A01626DBEB25DF69CD90BBAB7A5FF54718F00802DFA0597381DB34E812CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5311196260526767c2a5efd725d5b5ae21be581c6b3df0d87882a82122d4a4dd
                • Instruction ID: 7b9af9aa9525de33f1feb1c87215f8daa2012496eac7b77e6002c9783f970aa9
                • Opcode Fuzzy Hash: 5311196260526767c2a5efd725d5b5ae21be581c6b3df0d87882a82122d4a4dd
                • Instruction Fuzzy Hash: B1A1EE72604602EFDB51DF28C980B6ABBE9FF48714F04492CF94ADB611E370E980CB95
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction ID: c65473de691d48f361d676ef8d132d283dec0c728fa8365057d715452f01d37e
                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction Fuzzy Hash: FEB15771E0061ADFDF69CFA9C880AADFBB5FF48310F14816AE914A7352D770A941CB94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21043f9849d7dc798cb347615df5b92fe93da862c9272e82f5e5fe57d72d8b9f
                • Instruction ID: 90136ceefe625408ea280af409e561ae2104ce53240091bf05f9ccf7a1968bc3
                • Opcode Fuzzy Hash: 21043f9849d7dc798cb347615df5b92fe93da862c9272e82f5e5fe57d72d8b9f
                • Instruction Fuzzy Hash: 8F91A071D00216EFDB16CF68D8A4BAEFBF6AF48710F154169F610AB281D734D9109BA4
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e316fc26367ecc7170c810a5be79cb5190a8142db23f0a65c86a0ac0f8cc5f0f
                • Instruction ID: d98a55e6d8a48be1cf325eb1071c3dfb7818f80a561ac26577fad014e7250e1d
                • Opcode Fuzzy Hash: e316fc26367ecc7170c810a5be79cb5190a8142db23f0a65c86a0ac0f8cc5f0f
                • Instruction Fuzzy Hash: F6911431A016169BEF24DB68CC44BBABBAAEF94B18F054169E9059B390E736D802C751
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e25d0034af44397edaacc4a07eabd012deac35565a23b661fc21df045577d9d
                • Instruction ID: b654d1b454e90e6050c0a4a2dbd4b8d04719c4667e117e62d88514a4705667ae
                • Opcode Fuzzy Hash: 1e25d0034af44397edaacc4a07eabd012deac35565a23b661fc21df045577d9d
                • Instruction Fuzzy Hash: 0E818171E006169BDB24CFA9DD50ABEBBF9FB48700F04852EE845E7640E734D951CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: d670ae2c3058f0b96501f019ced44f4bf7cc1ffb42929abe6add5fee371e8097
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: F4818171A4020A9FDF19CF98C890AAEFBB6FF88310F18856DD9169B345D734E941CB54
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 756830fe7721f6a80ddd29148eff58e5a5e76bd0d05d39ccf3e71c15571b396e
                • Instruction ID: d9cd0363129a195bfffc9cc73ccc9b476e2d8a5f7da03161a7b6df56924fdd80
                • Opcode Fuzzy Hash: 756830fe7721f6a80ddd29148eff58e5a5e76bd0d05d39ccf3e71c15571b396e
                • Instruction Fuzzy Hash: 85812D71A01609AFDB25CFA9C880BEEBBBAFF48354F14842DE555A7350DB31AC45CB60
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97376da482c6455151c6524b34bac8dd13e12ed8fa2eb71a246558809cec3cd4
                • Instruction ID: 8625765f03de55734fd58579d6ef962f8ef44433d1945416b47cd572e69ea926
                • Opcode Fuzzy Hash: 97376da482c6455151c6524b34bac8dd13e12ed8fa2eb71a246558809cec3cd4
                • Instruction Fuzzy Hash: 2971BD75D01669DBDB258F58DC907BEBBF9FF48710F14821AE942AB350E7319801CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da2e6aa1aa1ac1ebd3ecf26c4e7cdeb9e19887bc1b4b00b441f91f1a293a2ee1
                • Instruction ID: a0a1a542dfa97020c657c2bf293c61819ff2ab99142d0e516f8d78481a43ae2e
                • Opcode Fuzzy Hash: da2e6aa1aa1ac1ebd3ecf26c4e7cdeb9e19887bc1b4b00b441f91f1a293a2ee1
                • Instruction Fuzzy Hash: D571C1709042569FCB15CF5DC840AFAFBF6EF49300F048099E994DB206E335DA45CBA1
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcc5cd15f63610fb428033ec175fd07dff9f11a873fe1eed5d4339dfa145715e
                • Instruction ID: 2b4ff8be2548d1dd12586a5de31f5937e90acd3f3d5464592acd4450490055e3
                • Opcode Fuzzy Hash: bcc5cd15f63610fb428033ec175fd07dff9f11a873fe1eed5d4339dfa145715e
                • Instruction Fuzzy Hash: 1F719FB0900605EFEB24CF59C944A9AFBF9EBD1710F1081AEE605AB25AC7319A85CB54
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 4155add3f8310521af3ebbf60721f456191b9bcdd8a48fd5f9b9e7a06197c33c
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 7E715971A0060AEFDB11DFA9C984EAEBBF9FF48754F104569E505A7290DB30EA01CB94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47f775675c48a14f0e5fdf6f31293f1e7889dc0f01836d74317d7676a0d8d724
                • Instruction ID: 826ccfb893011452360150727f0f84085516e43d3038ee3de10bdb9c86772632
                • Opcode Fuzzy Hash: 47f775675c48a14f0e5fdf6f31293f1e7889dc0f01836d74317d7676a0d8d724
                • Instruction Fuzzy Hash: 5371E032240A01AFEB229F1CC854F66FBA6EF44720F15481CFA56972A4DBB5EA44CB50
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 13e0da8dff43f3c65d1e99462339a46aafc4ef580345d7c0d76652985befbe7b
                • Instruction ID: a442a922a4a0498256f5442e4b96341b7c4ba34ec4b844546ee1a35787e62773
                • Opcode Fuzzy Hash: 13e0da8dff43f3c65d1e99462339a46aafc4ef580345d7c0d76652985befbe7b
                • Instruction Fuzzy Hash: F681A072A053058FDB24DF98D898B6DB7FABB88320F59822DD901AB381C7749D41CB94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b1892ce205d7b5710d23a7d95b5146d869804fd4573bc35c92f1fc440be0189
                • Instruction ID: 5296a0eb88cd68d6ff2b19cc3e59b464b696d252c2d45700df5b57384d8fb2cd
                • Opcode Fuzzy Hash: 9b1892ce205d7b5710d23a7d95b5146d869804fd4573bc35c92f1fc440be0189
                • Instruction Fuzzy Hash: AB51BE72504716AFD722DB68C845E6BFBE9EBC5B50F00092DBA80DB151E770ED04C7A2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58ceccb44fdccdd95681bfcdfc936582ef37ccdead334c20666dc7956aace13
                • Instruction ID: 9c991f3a37d07b50254a4f3ec91578d0a0dce0912d64d7bfef1025951674bea8
                • Opcode Fuzzy Hash: c58ceccb44fdccdd95681bfcdfc936582ef37ccdead334c20666dc7956aace13
                • Instruction Fuzzy Hash: B951EF70900715DFD720CF6AC884AABFBF8FF94710F10461EE292976A1C7B1A582CB91
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f70e11451c7db01ff21e35f8abc00172d720e000d065c6178c62ba4b6d79b487
                • Instruction ID: c59d6f4cb0c5e6da2298cd0bb2a713172c95b9f95df3d56fd8433d8488ddfd76
                • Opcode Fuzzy Hash: f70e11451c7db01ff21e35f8abc00172d720e000d065c6178c62ba4b6d79b487
                • Instruction Fuzzy Hash: AB514771200A45DFCB22EF69CDC0EAAB3BAFB14794F40046EE64697260D735A985CB54
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d9748a87d522dbead712d6f9f30256fa5ec69bf490cb04a37e2312115ff961b0
                • Instruction ID: decfe8b67891dd85a4caf89aaf6f28c532a11309e2b8d3f0ade6b8adf840ec91
                • Opcode Fuzzy Hash: d9748a87d522dbead712d6f9f30256fa5ec69bf490cb04a37e2312115ff961b0
                • Instruction Fuzzy Hash: DA5167716083529FD750DF29C880A6BFBE5BFC8604F44492DF58AD7251EB30D906CB96
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 3c9e730e46da2bd7a212569c2301a21f079be285468e7343dc4bccf7131e9f35
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: DA519B75E0025AABDF15DB98CC40BBEBBB9AF44350F58416AEA01AB340DB74DD44CFA4
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: 58fc238db09049a5e4c5460d8ed735b609caa71c4d1c91db4befa2c2170be35f
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: BA518771D0071AEFEF229A94CC94FAEFBF5AB04724F154A69D912671D0DF709E4087A0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d168a774e5373551cc6c8f4036950b4212570102d1cdb44a775d1639fdbe5810
                • Instruction ID: e41950f11e68fc1364f857732224c065de6874f7a7b8afc4ef19ffd295d8d872
                • Opcode Fuzzy Hash: d168a774e5373551cc6c8f4036950b4212570102d1cdb44a775d1639fdbe5810
                • Instruction Fuzzy Hash: 5141F6707016199FEB29DBADC894B7BFB9AEF90220F088259F955C7384DB34D841C792
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ac814d988a7f691731d00377b40aee70a6b1febf035ca8f5fe70db25e10e4188
                • Instruction ID: 5ca2c19a699c5979c16220bdcac95b58a70d4a0b120563c05793d6569f8c8842
                • Opcode Fuzzy Hash: ac814d988a7f691731d00377b40aee70a6b1febf035ca8f5fe70db25e10e4188
                • Instruction Fuzzy Hash: 15517C71900316DFDB22DFA9C9809AEFBF9FB48364B548699E506A3345D730AD41CF90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f496a18403e1b01c02050b169745615b8bd24b2708c962ca75f863617bc72acb
                • Instruction ID: a96c7119bb0f5abcec73757f5c399c9949d38fa90b5637d6f15b498bd8439652
                • Opcode Fuzzy Hash: f496a18403e1b01c02050b169745615b8bd24b2708c962ca75f863617bc72acb
                • Instruction Fuzzy Hash: 8B413472646211ABDB25FFA8ECD1BAA3766EB14728F00402CEF029B311DB719C41C794
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 2acc9907e17f775d5620a378866d846cb8f0cc99a9ae77ec7544490368ab3af4
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: DF412A31B45706AFDB25CF68C884A6AF7A9FF80314B04866EE9138B241EB30ED04C7D0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c978227bcef80283d7e8823a6b512acb3fc77582b8a4038957e7bc17bfb0b9c
                • Instruction ID: ba7eb6f3ce5411a00e4c118f7d7785d7d6364c84c33eb4116d70a36aa6a11325
                • Opcode Fuzzy Hash: 0c978227bcef80283d7e8823a6b512acb3fc77582b8a4038957e7bc17bfb0b9c
                • Instruction Fuzzy Hash: F941AD36911216DBDB10DFA8C880AEEBBB5BF48710F14816EF915E7340D7359D85CBA8
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 53c3b8cdbdca02f73f200101346a36e3fe0cdbc08e772fb42cfe5ff730886c1c
                • Instruction ID: 0602dcf990e0e5b2881f7968a70da13fa71094ce1363c5d917ebe48f308b3c8f
                • Opcode Fuzzy Hash: 53c3b8cdbdca02f73f200101346a36e3fe0cdbc08e772fb42cfe5ff730886c1c
                • Instruction Fuzzy Hash: 3B41B3722057019FDB21EF28CC84A1BBBEAFF84224F40496DE567C7311EB36E8458B95
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 4d6da3f032702256f54b3d429130940b320524081b92780f4550cdbffbd2b259
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: BD515C76A01619CFCB15CF98C980AADF7B2FF84710F2481A9DA19E7351D770AE42CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                • Instruction Fuzzy Hash: 2B213B327466819BE722576C8D28B247BD5AF41770F2A03A8FA209B7D2D769CC068644
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 039886e5a47f5a1f34ccdb9cf578f5b91fd4b70e944798b80908d9e2efbcc749
                • Instruction ID: 8b49aeae88bf0a2b6b4f5256e50e0bb51db2550ceea8063f0e08bf8bb4d968a5
                • Opcode Fuzzy Hash: 039886e5a47f5a1f34ccdb9cf578f5b91fd4b70e944798b80908d9e2efbcc749
                • Instruction Fuzzy Hash: A7219875241A419BCB29DF69CC40B56B7F6AF08B04F24846CA50ACBB61E331E842CB98
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e8e6613992e16898d0ee74f38a18f22c50c1be60f96d751eade09a6e9c13d46
                • Instruction ID: 33ff447fe39abbfcbff3fe9c7b9a6f4b274f38766331bf14ecd8c9f99f9a2322
                • Opcode Fuzzy Hash: 2e8e6613992e16898d0ee74f38a18f22c50c1be60f96d751eade09a6e9c13d46
                • Instruction Fuzzy Hash: AC110672380B11BFE72256599C02F27F69ADBD4B60F210028BB98DB2C2EB61DC018795
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3980abd91b54360fedf21302f3f7a671cf764d322390d66860aabd4d630e5b73
                • Instruction ID: 62c7a43b0ecea8557927817846e9ea9c860b74e4cef912e0aa6340a1b3758307
                • Opcode Fuzzy Hash: 3980abd91b54360fedf21302f3f7a671cf764d322390d66860aabd4d630e5b73
                • Instruction Fuzzy Hash: FF21E5B1E10309AFDB20DFAAD990AAEFBF9FF98710F10412FE405A7254DA709941CB54
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: a7d1505f678cdb32e622f7617cade068327dbf27ecb0fcbc36cc02b084635dec
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: 5F218C72A00209EFDF129F98CC40BAEBBBAEF88320F244459F905A7251E734DD50DB50
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: ced88d0ac3f8f634d4732ae847951f80e7f5e63b5baeb1c2baf7eae45abd5a63
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: AF119D73601605AFEB269E98CC81FABBBB9EB80755F104029F6059F290D671ED84CB64
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b7a10e1479082199a358dccee90a449058e45837fc7dd6b330cc81848a7e428b
                • Instruction ID: 6b9056bc50e514248b94dd87e3fcd535307621679061e29910cb24a468660d81
                • Opcode Fuzzy Hash: b7a10e1479082199a358dccee90a449058e45837fc7dd6b330cc81848a7e428b
                • Instruction Fuzzy Hash: A711B6717016119BEB11EF4DC88096ABBFDAF46B10B95416DED089F305D7B1D9018790
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: 0661dd0f98651dac6cd906d420b3ebf0c35d9ce8835790e144a27a3c91da06a2
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: 19218E71600641DFDB318F89C990AA6FBE6FB94B10F14883EE65A87710C730EC81CB40
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec421c55a203fff97cb4ed34e208033ae439c70462379584b3ec8d3b10339405
                • Instruction ID: 96ee5dc182bb4272c41a794f3f4d40708d8dae1bd21977340b0e26150219caed
                • Opcode Fuzzy Hash: ec421c55a203fff97cb4ed34e208033ae439c70462379584b3ec8d3b10339405
                • Instruction Fuzzy Hash: D7218175A40206DFCB14DF58C981A6EBBF9FB88319F64426DD145A7311CB71AD06CBD0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 842a7ae43c8949a5c30c583b5dcb33b29af0615eacedb15d1f916b8ef128a2ab
                • Instruction ID: b042d6462d5f33dce620ff655f68a7589ab5d450e86aa5f48b93f139b2c2e1f2
                • Opcode Fuzzy Hash: 842a7ae43c8949a5c30c583b5dcb33b29af0615eacedb15d1f916b8ef128a2ab
                • Instruction Fuzzy Hash: E5218C71600A01EFDB208F69CC80BB6B7E9FF44250F40882DE5AAC7250DB30E880CB64
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ab28a4643ffdf0e6708c1c87c33840e98586abde0dcc38fe58eabeaaa95df7e
                • Instruction ID: 4b834871ff19b59bede669c4cc0efb992918e554dac8a49f0a9148cfd06b81d5
                • Opcode Fuzzy Hash: 6ab28a4643ffdf0e6708c1c87c33840e98586abde0dcc38fe58eabeaaa95df7e
                • Instruction Fuzzy Hash: F711A332240514EFD722DB5DCD40F9AB7AEEF55760F114069F605DB265DAB0ED01CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0dcf0873d1ea782d79366f89a2e6b2934a8af78ea65633a0594a6367159bc115
                • Instruction ID: 7ab3b2a31679bcca917faf89f0db899384300b4a984ae356878c3daa7c6c348a
                • Opcode Fuzzy Hash: 0dcf0873d1ea782d79366f89a2e6b2934a8af78ea65633a0594a6367159bc115
                • Instruction Fuzzy Hash: E01125332051109BCF19CA28CC85A6BB29BEBD56B0B244578E9228B380EA318C12C690
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d29bbb9942def98664213ea2c502ae365b0b0c0af1aa271413dc0af8c8958b5
                • Instruction ID: ad410bbdeddb2259706a969aba70a712fecbf59686964b2a4d2daacdd39107c9
                • Opcode Fuzzy Hash: 4d29bbb9942def98664213ea2c502ae365b0b0c0af1aa271413dc0af8c8958b5
                • Instruction Fuzzy Hash: F811BC76A02255EBCB25CF5AC9C0AAABBE9AB94650F01807EE9059B315E730DD41CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: b28a0f640ec471fa6238f1edd5b3fcc7d1c971dc9365eb12ce903eea5e72f270
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: 8F110436A00909AFDB19CB58CC05B9EFBB5EF88210F058269E84697344E731AE11CBC0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction ID: dfeb1bf0df1935e8bf49ab8684ba1ed3b17b93e4063d45fb5f7cf730949aabee
                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction Fuzzy Hash: 812106B5A00B059FD3A0CF29C840B52BBF4FB48B10F10492EE98AC7B40E371E814CB94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: 44ec6b8120ab55aa2c4e030cd4bfff642c869bd2e7d811ebdf3fad071a3eb28a
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: E5119132640701EFEB229F48C844B56FBE6EB45754F05986DE9499B1D0DF31DE40D790
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5bf37ab0438ca46377f785194310a3588848d17b1bff493c01f44b6479626226
                • Instruction ID: 7efe0d8afbebbd19c2028b115d059a1d3aa2453e7f60c8b1be76ab524d2a85f7
                • Opcode Fuzzy Hash: 5bf37ab0438ca46377f785194310a3588848d17b1bff493c01f44b6479626226
                • Instruction Fuzzy Hash: 7E012672246645ABE326A2ADDCA8F277BCEEF41794F4600B8F9008B340DA25DC05C7B1
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6af4c3b882fe5351f9b4a73c1a05c094451bf3379db201de5a2df9a5eac32499
                • Instruction ID: bf4cb598f7008459d0088243efd97595368113fe05e6d5e4dda2371e44702318
                • Opcode Fuzzy Hash: 6af4c3b882fe5351f9b4a73c1a05c094451bf3379db201de5a2df9a5eac32499
                • Instruction Fuzzy Hash: 9F11E136200656AFDB25FF59DC40F667BA9EB8AB64F00422AF9058B350CB71EC40CF60
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e6953d9876f0f9683bb5684f402e5f61ca5c7706ae0f79d8aa74a3be76f1c90
                • Instruction ID: d8f0ab2af76a2a73c6181ebfa377fd23b9290c3bcd50c93b04336fae12eee3b0
                • Opcode Fuzzy Hash: 2e6953d9876f0f9683bb5684f402e5f61ca5c7706ae0f79d8aa74a3be76f1c90
                • Instruction Fuzzy Hash: DB11C2362006119FDB629B6DDC44F66F7A6FFC4721F194529EE4387690EA70A842CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3385b291246cb3885ffb67c3dcde7d61094e67a0837a3dc02281ebff267bfd41
                • Instruction ID: a782533b7efbf94f9bedd78c133f6cd2caaf071f556d3d5dc362c8b69e947ce4
                • Opcode Fuzzy Hash: 3385b291246cb3885ffb67c3dcde7d61094e67a0837a3dc02281ebff267bfd41
                • Instruction Fuzzy Hash: DB11C672900625ABDB21DF59CDC0B9EFBB9EF44750F500068DA05A7301E730AD418B55
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbd226496e5c4ba33eb56c41de932b407ff859965af779e7da318707fb233081
                • Instruction ID: b8b86354fb62770d950ddf922a8acffe7e2096090e9394d104c6459d4be4e30e
                • Opcode Fuzzy Hash: dbd226496e5c4ba33eb56c41de932b407ff859965af779e7da318707fb233081
                • Instruction Fuzzy Hash: 73019E7150014A9FD725DB19D848F26BBFAEB95324F61826EE1098B360C771EC82CF94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: 5f3bc72be417fd216bb33718ceed12723a716c04fc1924046e3717d26a9a6727
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: 8A11A5722026C2DBEB23972CDD58B257BD8AB41754F1901E0DE818B752F72ACC43C650
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 127557b40110277a1d9e0bf00c02a29bd89250fe8add2f381c659b02496e9bc1
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: 27019632600305EFE7239F58CC04F66FAE9EB85760F059979EA059B1A0DB71DD80C790
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 32cda9085bfc271ccef345ae2c31748564ee26e1605fd7f569846ed4fd448bb8
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 4E0126314057219BCB318F59DC40A7A7BA9EF55B60708CA2DFCA58B281D331D801CB60
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b6dd3b54d3faf48b180b8d14b9a004ac28f9866553b6835aa6643f0a943a981
                • Instruction ID: bde02cf3fc0479f674ef172e49ae819914286c0c667926d367790e4734139fcc
                • Opcode Fuzzy Hash: 4b6dd3b54d3faf48b180b8d14b9a004ac28f9866553b6835aa6643f0a943a981
                • Instruction Fuzzy Hash: 420104724415019BC7629F1CCC01E52F7B8EB91770B154259EDAA9B196E770D881C780
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4f8137e816fb311897a39edacc385891a98276b145f8e0e771d65f0b1b270b87
                • Instruction ID: cb79174669b0a35f17f8af5bde6759b7b7edde6131ced3f67e0c408ac59d5405
                • Opcode Fuzzy Hash: 4f8137e816fb311897a39edacc385891a98276b145f8e0e771d65f0b1b270b87
                • Instruction Fuzzy Hash: D111ED36241640EFDB15EF19CC80F16BBB9FF58B44F2000A9FA059B261C332ED01CA94
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2726c78deb0de1e5133417c098beba700f99a9f6df80b5a6c8a870ca6cc7568d
                • Instruction ID: 8139f87db096327225f95dd14c62b8e5f0c4279d2c883418da2a0ccbe0c1ee17
                • Opcode Fuzzy Hash: 2726c78deb0de1e5133417c098beba700f99a9f6df80b5a6c8a870ca6cc7568d
                • Instruction Fuzzy Hash: B2115E71641229ABDB25AB64CC52FE97275EF04714F5081DCA718E61E0DB709E81CF88
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24ecbc2c5b077f0d4407a9fa66c01e4ba9518e9598f020d0cfb2650335255720
                • Instruction ID: e5b327dc991a126865c726f2e63f7936c73e4fb798de70f1c47bd7924619f6da
                • Opcode Fuzzy Hash: 24ecbc2c5b077f0d4407a9fa66c01e4ba9518e9598f020d0cfb2650335255720
                • Instruction Fuzzy Hash: 0A111772900119EBCB12DB94CC80EEFBBBDEF48254F044166A906A7211EA34AA55CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: c57d7eae4af2dff9dcdc476918ab25cb0c3660f5b778b3dc10d0a5f7f849f9a7
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 4601B5326001119BDF15AA6DDC90A52776BBFC4600F5946A9ED068F346EB719C83C790
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d48131a2fc14c757789563c42da73386394096305f16d589b31312acafd9a26
                • Instruction ID: c67382838d40db06f132fc7de7e3bca49d089244c850de7cecaf6babe3d2318f
                • Opcode Fuzzy Hash: 0d48131a2fc14c757789563c42da73386394096305f16d589b31312acafd9a26
                • Instruction Fuzzy Hash: 9C11E1726001469FD701CF1CC800BA2FBB9FB5A314F188159F8488B31AD772EC80CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 399777bb5711d1ff29d2a6f3456f4f5f77b501d84a05a847469cb291416adb3c
                • Instruction ID: d24034ffd07a3169eb3c0d2e341433e7d03857946f199a173939961378ec036f
                • Opcode Fuzzy Hash: 399777bb5711d1ff29d2a6f3456f4f5f77b501d84a05a847469cb291416adb3c
                • Instruction Fuzzy Hash: 87111CB1A00209DBCB00DFA9D541AAEB7F8FF58250F10806AB905E7351D674EA01CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46429457e620e8d71ac736d07389728d0495eeaff2841e8cdcf0e1eec9e949ac
                • Instruction ID: 63f8ff4372998f17852f21b5f8e114b3ec2118825015e5dcd755260af5e3c0f6
                • Opcode Fuzzy Hash: 46429457e620e8d71ac736d07389728d0495eeaff2841e8cdcf0e1eec9e949ac
                • Instruction Fuzzy Hash: 4C01D431141221ABCF32AB2AC850D36FBBAFF52660F04446EE1555B211CF30DD82CBD1
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: e0fdd189285e08981a55d9891e8ace2270da3b3a302f31619fa710c23abe94bb
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 33012832100706AFEB23A6A9DC00EA777EEFFC5210F44841DE9468B680EB71E442CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 77d3ce685e58ca9219414145aa32aa62d884f070f4bbdc110fb71e7735228f58
                • Instruction ID: 37b29d451a8b7f6b7d07c376901633d39540145333dfa46728ee4eb1f8d1db51
                • Opcode Fuzzy Hash: 77d3ce685e58ca9219414145aa32aa62d884f070f4bbdc110fb71e7735228f58
                • Instruction Fuzzy Hash: 80116D35A0020DAFDB05DFA4CC60BAE7BB6EB84644F00405DEE059B390DA35AE11CB90
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5eaad34747c9f39d190fcfc97cda62b266a4191d7fae5ab0e2b79d9788372cf7
                • Instruction ID: 9d4089078c8301463749a5d83ba79f74a83056111c1f81d1d598d2b61390ef49
                • Opcode Fuzzy Hash: 5eaad34747c9f39d190fcfc97cda62b266a4191d7fae5ab0e2b79d9788372cf7
                • Instruction Fuzzy Hash: A601A771252A41BFDB11BB79CD80E57B7ADFF54764B00052DB20983651DB24EC51CAE4
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: a2fb02d3e6ede7db4544c7c815e21f43960043f629841c246413a54077a0ee1a
                • Instruction ID: 7193eba54744d14b6303752fe2350e8a88dac9a57b163376098d5d41b6d11fa4
                • Opcode Fuzzy Hash: a2fb02d3e6ede7db4544c7c815e21f43960043f629841c246413a54077a0ee1a
                • Instruction Fuzzy Hash: C701F271244711AFD7315B19DC51F02FAA9EF54B60F00442EF2068F390CAB098818B98
                Memory Dump Source
                • Source File: 00000003.00000002.1991534884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14e7f06b814caee567c152a8af13d6254212ff5d26f3838a7bba3a4efd16b11c
                • Instruction ID: fc16cbaa5a542503e1a7dd2e9938927c6a2fd267ce64b47daeb517aea2116c85
                • Opcode Fuzzy Hash: 14e7f06b814caee567c152a8af13d6254212ff5d26f3838a7bba3a4efd16b11c
                • Instruction Fuzzy Hash: FCF0596392D65683EF11C93899E86D16F519BA372432C0F69C8C0A32C6D2219565CA5A
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: adc87c5c3e4fd98e69dd94ee736a3feb2eb4418f04fcbdb195807d908dec5e36
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 9DD0223222307093DF2956A56C00F6B690AAB80AA4F0E002C340AD3A00C1048C43C6E0
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: cbc7a26503993a1905c971c488fcf67aa527e17b252e07629e785a31cd0c32f5
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: AAD012371D054DFBCB119F66DC01F957BA9E764BA0F444020B508C75A0C63AE950D584
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e11070fceb1aeee7fb07d7f2d648e961455b41f42119bf05cfe95327da3aa124
                • Instruction ID: 312deed647be3baf918ebed00393f69b1111ca23c3d0d9465ee01a39d4f17afb
                • Opcode Fuzzy Hash: e11070fceb1aeee7fb07d7f2d648e961455b41f42119bf05cfe95327da3aa124
                • Instruction Fuzzy Hash: 1AD0A730502801CBDF27CF18CD50D6E3A78FB50740F4000ACEB0092220D324DD11C700
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: b853920ed73ac2cd5df13688740454ca09f7f763d1b94c34f020dd3675db2ede
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: A0D09235212A80CFDB1A8B1CC9A4B1533A8BB44F44F9144D0E402CBB62D728D980CA00
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: 482564185d0dc41124870cd1344323ecc6f9f2eb4f235091e31e1ffecc5b908a
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: EFC01232150644AFC7119A95CD01F0177A9E798B50F000021F20487670C531E810D644
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: 61e4413cfb41c92c4f56dac0e56e026042ea386d2740bccb75d93bb37b266c97
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: D6D01236100249EFCB01DF41C890D9AB72BFBD8710F508019FD19076108A31ED62DA50
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: 1d82ecae591e8ee33def42b22c743cf835a8e06d03b355504c9ec19b0b297b43
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: 50C04C757019418FCF15DB29D794F4577E4F754740F151890E805CB721E724E805CA10
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 98a9f425321447e33a3f971566fe5e9bbd2dd230cde1535772010b565e23447f
                • Instruction ID: 6e4c3773fef12b39e45e510d4c07408236e5d4ea5eaec7a037ff84f2aabfe1fd
                • Opcode Fuzzy Hash: 98a9f425321447e33a3f971566fe5e9bbd2dd230cde1535772010b565e23447f
                • Instruction Fuzzy Hash: 18900235A0581012914075584C885474019A7E0301B59C011E4424654DCA148A565362
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0663b6a397fb64cd56a3ef95c7d7f1081e81e7e65dd31b8afa32042e1cc2c8e1
                • Instruction ID: 5ab811dafd2c8cbb880ec701c23b6ad51043a280e8d5312710df1b7c2327ae27
                • Opcode Fuzzy Hash: 0663b6a397fb64cd56a3ef95c7d7f1081e81e7e65dd31b8afa32042e1cc2c8e1
                • Instruction Fuzzy Hash: 49900265A0151042414075584C084076019A7E1301399C115E4554660DC6188955936A
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8648af34528afa1994952888f7f9739c02d55df0ee4a285f7a0af7d72e79478
                • Instruction ID: 2741baa3853f43f51cb3c537543f58189e255c69b47333f7dffc7d9f913a0660
                • Opcode Fuzzy Hash: a8648af34528afa1994952888f7f9739c02d55df0ee4a285f7a0af7d72e79478
                • Instruction Fuzzy Hash: E390026560241003410575584818617401E97E0201B59C021E5014690EC52589916226
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f94f6a7204b75d0c92ea13e38bd8293706bbc5e22abe95f8bf7806e47ec6f65a
                • Instruction ID: d4d493aa35c14555449bd544a7ee16f9bf3245d1b007bf9b598c450e34939654
                • Opcode Fuzzy Hash: f94f6a7204b75d0c92ea13e38bd8293706bbc5e22abe95f8bf7806e47ec6f65a
                • Instruction Fuzzy Hash: 4E90023560545842D14075584808A47002997D0305F59C011E4064794ED6258E55B762
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7bdf8cc890d034923518589b8120f46805d0cb3ebb9039ac6e8e923deb534bd2
                • Instruction ID: 6029fe7e56e7bff36ce3157941381447b30ce0c3257357f81fcbf6b4a7da8c8d
                • Opcode Fuzzy Hash: 7bdf8cc890d034923518589b8120f46805d0cb3ebb9039ac6e8e923deb534bd2
                • Instruction Fuzzy Hash: 7B90023560141802D1807558480864B001997D1301F99C015E4025754ECA158B5977A2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3f6bcdbb91e4a473ea768a1af2d8b8b7a22323268d0e768f858acb561d85eaa
                • Instruction ID: cbdb9e67692fb7bb71cf94c9e416c3cf1a1b053f4b15d57e496fdfbcf84bffdf
                • Opcode Fuzzy Hash: b3f6bcdbb91e4a473ea768a1af2d8b8b7a22323268d0e768f858acb561d85eaa
                • Instruction Fuzzy Hash: AD900235A0541802D15075584818747001997D0301F59C011E4024754EC7558B5577A2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9179111c830bb7ea0ae09c4ca94b9976bc070ea5c055fe2e06eb0490d8727d41
                • Instruction ID: 162e410864407557af889f01b0a38661a925f422244f20ba30da44a183cea2ab
                • Opcode Fuzzy Hash: 9179111c830bb7ea0ae09c4ca94b9976bc070ea5c055fe2e06eb0490d8727d41
                • Instruction Fuzzy Hash: 8990023560141802D10475584C08687001997D0301F59C011EA024755FD66589917232
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a741ba543d1183efe0aaf56da94ef3d358c7a8e6be2e091b1452b33889159da0
                • Instruction ID: 3c5b5128de19444ee5a40c94b5a2bc986fda059e120316959c22d4aa576ebe42
                • Opcode Fuzzy Hash: a741ba543d1183efe0aaf56da94ef3d358c7a8e6be2e091b1452b33889159da0
                • Instruction Fuzzy Hash: 4D900229621410020145B9580A0850B0459A7D6351399C015F5416690DC62189655322
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb63944ccabcf2f1f8bb717bc289640d5f8a128f52b8f151cdf06c0dee253356
                • Instruction ID: f7d730bd8817ce930623766cbe648da4463728f3b6613eacc0c991642b5953af
                • Opcode Fuzzy Hash: bb63944ccabcf2f1f8bb717bc289640d5f8a128f52b8f151cdf06c0dee253356
                • Instruction Fuzzy Hash: 7A900229611410030105B9580B08507005A97D5351359C021F5015650DD62189615222
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 064aca03c11ecd3f267fb1f86e7fa31117a075af9cf552ed05c2e9d91104e893
                • Instruction ID: d88d89a82510e8a50045eaee0b02309e9ba56c04396efb6a685f54a44fad03f4
                • Opcode Fuzzy Hash: 064aca03c11ecd3f267fb1f86e7fa31117a075af9cf552ed05c2e9d91104e893
                • Instruction Fuzzy Hash: 4D9002A5601550924500B6588808B0B451997E0201B59C016E5054660DC52589519236
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7bea0c5144985ca12fec40853675ffbdbb7ce00b4d1918c123692133673db47f
                • Instruction ID: 38ea99d12f78fce1ab44a8f21bcbd8a15858145a0c301b3a2bcafb27a147080b
                • Opcode Fuzzy Hash: 7bea0c5144985ca12fec40853675ffbdbb7ce00b4d1918c123692133673db47f
                • Instruction Fuzzy Hash: 2F90022570141003D1407558581C6074019E7E1301F59D011E4414654DD91589565323
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c872037b4a31191546bbdd01e1cd6eb460b12c5dd5cac04d498760660e540f8c
                • Instruction ID: 50e1da825d58c8cc185b9a80a1354a5c550438c1b2bb0528c4b0e65c3e5a47c2
                • Opcode Fuzzy Hash: c872037b4a31191546bbdd01e1cd6eb460b12c5dd5cac04d498760660e540f8c
                • Instruction Fuzzy Hash: 1190022560545442D1007958580CA07001997D0205F59D011E5064695EC6358951A232
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 647323f4669a566e1dbc293e3414daa8b1a84f612212c087c6178732ecd80804
                • Instruction ID: fe553706e18642ca69c4168e5d9f9c3b49c924052d13b34287cd4750f1a2fe33
                • Opcode Fuzzy Hash: 647323f4669a566e1dbc293e3414daa8b1a84f612212c087c6178732ecd80804
                • Instruction Fuzzy Hash: 4790022D61341002D1807558580C60B001997D1202F99D415E4015658DC91589695322
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37b2688cd51dbea1fafa61393f0ff0055bf1800a1abd9e6474b8cff7933d704b
                • Instruction ID: ffadc0093aeaa73391f7562ed10caa313ecd45cae1b76f77cec634232aea1334
                • Opcode Fuzzy Hash: 37b2688cd51dbea1fafa61393f0ff0055bf1800a1abd9e6474b8cff7933d704b
                • Instruction Fuzzy Hash: 0B900225642451525545B5584808507401AA7E0241799C012E5414A50DC5269956D722
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a0d28fc0df8137b9348703cd10333139306e1c8348bdc91bff8cf44c30f50d4
                • Instruction ID: ac095688456818025efdfcbdff9a7fbba9799c0a6ec49a3120654fac030e2bc2
                • Opcode Fuzzy Hash: 2a0d28fc0df8137b9348703cd10333139306e1c8348bdc91bff8cf44c30f50d4
                • Instruction Fuzzy Hash: E790023564141402D14175584808607001DA7D0241F99C012E4424654FC6558B56AB62
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5311e625444ccbcdea0d46b27463ac635dad1ac58aa6913488fceb0996dbe4b
                • Instruction ID: 5a6fbf8920fc3b8870d5554bb16ad571ae639fd650e2a7bdd20d64e932d13ec8
                • Opcode Fuzzy Hash: b5311e625444ccbcdea0d46b27463ac635dad1ac58aa6913488fceb0996dbe4b
                • Instruction Fuzzy Hash: 3190023560141842D10075584808B47001997E0301F59C016E4124754EC615C9517622
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad41b8a177c6c7c340b021e5860436a56c41d744ba387c7bcd57aabb82fa1a21
                • Instruction ID: 14d42a714178baf721a5610293a338fc25873877fb6dcf1cdf9afdab4074ec85
                • Opcode Fuzzy Hash: ad41b8a177c6c7c340b021e5860436a56c41d744ba387c7bcd57aabb82fa1a21
                • Instruction Fuzzy Hash: 3990023560141403D1007558590C707001997D0201F59D411E4424658ED65689516222
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 294cefdc6931d41e6de01ccebd2e38d0138cc441bd6d7b6101d90d6e42bba007
                • Instruction ID: 53e7f5d4b1196880b5178bb72a84a009a1e160fd3668154880955815bdd3fd7e
                • Opcode Fuzzy Hash: 294cefdc6931d41e6de01ccebd2e38d0138cc441bd6d7b6101d90d6e42bba007
                • Instruction Fuzzy Hash: E6900225A0541402D1407558581C707002997D0201F59D011E4024654EC6598B5567A2
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6cc6c15a9f1b48381ef87af8a031649bacd6b1b2b5857e3c9b1a8365678d4873
                • Instruction ID: 9d7d362fe94a9001ccedb895e857c583bdd7327bfa7ba554501e9532a7570521
                • Opcode Fuzzy Hash: 6cc6c15a9f1b48381ef87af8a031649bacd6b1b2b5857e3c9b1a8365678d4873
                • Instruction Fuzzy Hash: A390023560141402D1007998580C647001997E0301F59D011E9024655FC66589916232
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 58d3444697e1fcbbc844c4aa85be0b70ee95f262e9c2e36574ffa6edc964850c
                • Instruction ID: f544970128845fcc3668aed05f3caacb5dc2ae418b3f20c3fb0c67faf2736e62
                • Opcode Fuzzy Hash: 58d3444697e1fcbbc844c4aa85be0b70ee95f262e9c2e36574ffa6edc964850c
                • Instruction Fuzzy Hash: 8490026561141042D10475584808707005997E1201F59C012E6154654DC5298D615226
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e39a39e896be15bbacaa376838913438e2ba4e0dd49b628d9a715f30f09ca33b
                • Instruction ID: 9844a2d74a209a52a6268cc2ff70488cee5901353365ee99b271f012545e0d6c
                • Opcode Fuzzy Hash: e39a39e896be15bbacaa376838913438e2ba4e0dd49b628d9a715f30f09ca33b
                • Instruction Fuzzy Hash: 3990026574141442D10075584818B070019D7E1301F59C015E5064654EC619CD526227
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e01b7f8205086436c23d493886be486bc3821d0f06e76f2192f63f40f18f5a6d
                • Instruction ID: 1963810e1617dbd0e9b1a825fdab679fdf4dfc75cff5b6fbec0001a74d3e13f4
                • Opcode Fuzzy Hash: e01b7f8205086436c23d493886be486bc3821d0f06e76f2192f63f40f18f5a6d
                • Instruction Fuzzy Hash: E1900225611C1042D20079684C18B07001997D0303F59C115E4154654DC91589615622
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b11377ae9d7263e735dfded78bf8cfe5e86a414940bbdad3f7656a53484a898
                • Instruction ID: 670a5ff83d971841d2b6f2d07c23eb55d1c2425bff052914cb592a6eb7974461
                • Opcode Fuzzy Hash: 0b11377ae9d7263e735dfded78bf8cfe5e86a414940bbdad3f7656a53484a898
                • Instruction Fuzzy Hash: 7E90023560181402D10075584C0C747001997D0302F59C011E9164655FC665C9916632
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16eeecd48ed7cda540d39718709e243bf47ab5c15b163e2be40012d6435537f3
                • Instruction ID: ef91a040af4f76e59625056861670c6006988dc48e8e5d2db64bdd6c70e77235
                • Opcode Fuzzy Hash: 16eeecd48ed7cda540d39718709e243bf47ab5c15b163e2be40012d6435537f3
                • Instruction Fuzzy Hash: 22900225A0141042414075688C489074019BBE1211759C121E4998650EC55989655766
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 81e193000119bdd8f1b170c51efef99f766a898396408f18262f8ec68750f499
                • Instruction ID: 966b04102e5c138f488eac677c2c865904ff7e81acbd798695b3475800c03664
                • Opcode Fuzzy Hash: 81e193000119bdd8f1b170c51efef99f766a898396408f18262f8ec68750f499
                • Instruction Fuzzy Hash: BF90023560181402D10075584C1870B001997D0302F59C011E5164655EC62589516672
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 90896d7f732e55d15329baf7b2ecf62314ed79a0fe60c449df29df6c230bb77a
                • Instruction ID: 40020b13805ef79671012a4eb0fd13aed0113356a74058298f4fe47c2dd1f501
                • Opcode Fuzzy Hash: 90896d7f732e55d15329baf7b2ecf62314ed79a0fe60c449df29df6c230bb77a
                • Instruction Fuzzy Hash: 4490022570141402D10275584818607001DD7D1345F99C012E5424655EC6258A53A233
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba0fb05e272b3e89fe0d530e723d32e8846e809b576fd05363a9ba514886cde2
                • Instruction ID: f2b2d0449a5618b4aa11de84ba621b2e8937baa6127af0bfcf323e2859a4adfd
                • Opcode Fuzzy Hash: ba0fb05e272b3e89fe0d530e723d32e8846e809b576fd05363a9ba514886cde2
                • Instruction Fuzzy Hash: 8490026560181403D14079584C08607001997D0302F59C011E6064655FCA298D516236
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3788839a0d49eb220256a0cc7ac1d6e3cad16fc7df819b8893fe0527f575eefb
                • Instruction ID: 70714f19df944928ec63070c1b68fa011acb5848576d3fd71e0546caa565c87f
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: b87a50c96dbe8e637d8cf4e09d8c0bc4413d9b1bfe8870a2869b0d9447211d88
                • Instruction ID: dc8fde867306fa2be086028ee279614ed52d5b10cd9e78b0ff0c1ab8f11b9ecf
                • Opcode Fuzzy Hash: b87a50c96dbe8e637d8cf4e09d8c0bc4413d9b1bfe8870a2869b0d9447211d88
                • Instruction Fuzzy Hash: E851C3B6A00116BEDB11DB9D8CA497EFBB8FB08640B14822DE9A9D7741D734DE4487A0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: a4bb9dae692d197d04dd7037ef0d32af1c226fb50c39f9379b0759eb8b65ca93
                • Instruction ID: 7c835799bd8c6a4ca8bb362ea2d86c15df932c051141fa628fe1a9385bb1546b
                • Opcode Fuzzy Hash: a4bb9dae692d197d04dd7037ef0d32af1c226fb50c39f9379b0759eb8b65ca93
                • Instruction Fuzzy Hash: 9251F471A00646AECB30DF9CCD9097FFBF9EF84200B548499E596D7683EA74EE408760
                Strings
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 016F4725
                • ExecuteOptions, xrefs: 016F46A0
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 016F4787
                • Execute=1, xrefs: 016F4713
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 016F4742
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016F46FC
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 016F4655
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 3479d827e4f5ddc8279667be5b40c8f2124e1a92728b15b39ee387197cc564ab
                • Instruction ID: a5f28c3f1c22c1746ce20fa10071e1e68bef5d985662648d381d5521b7dbc8d9
                • Opcode Fuzzy Hash: 3479d827e4f5ddc8279667be5b40c8f2124e1a92728b15b39ee387197cc564ab
                • Instruction Fuzzy Hash: 13512B31600219AAEF21ABA8DCC5FFE77B9EF95700F0400ADD605A72C1EB719A818F54
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: a824080a16226ade9ee99fd2a4434079ef3e320f3bd283674e8a6b5d695b1252
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: A381BF70E062598EEF258E6DCC527BEBBB2EF45BA0F18411ED861A7391C73488418B65
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: 6ff7240cc1223a50a9cab36103323a9caadcd0fa221caaf5f4d29b91bdf5223e
                • Instruction ID: de1a724f5b57b2db76be8bb47ccef09aca0ab815b634c1324cf67d876f615106
                • Opcode Fuzzy Hash: 6ff7240cc1223a50a9cab36103323a9caadcd0fa221caaf5f4d29b91bdf5223e
                • Instruction Fuzzy Hash: A221537AE00119ABDB20DE6DCD40AFEBBF9EF94650F14011AE905D3202E730D9018BA1
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016F02E7
                • RTL: Re-Waiting, xrefs: 016F031E
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016F02BD
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 33565607ac5bbb8a88b124601891d1fa60a7761a4dee18e6e9756babcaf09818
                • Instruction ID: ab7558141779c86843a4c8071d8a1b95223fda60f01e4fd2f005d76c7f72069e
                • Opcode Fuzzy Hash: 33565607ac5bbb8a88b124601891d1fa60a7761a4dee18e6e9756babcaf09818
                • Instruction Fuzzy Hash: A4E1AD316087429FE725CF28CC84B2ABBE1EB84314F544AADF6A58B3D2D774D845CB52
                Strings
                • RTL: Resource at %p, xrefs: 016F7B8E
                • RTL: Re-Waiting, xrefs: 016F7BAC
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 016F7B7F
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: 3298c83a6f631523603400718c32472c4eca88457f5ddd16205717993bea0bc6
                • Instruction ID: 76765f9d6d103228e323b95a1128c340b2e27bf551b08d459296c8955735d559
                • Opcode Fuzzy Hash: 3298c83a6f631523603400718c32472c4eca88457f5ddd16205717993bea0bc6
                • Instruction Fuzzy Hash: D741E2317047069FD721DE2DCC80BAAB7E9EF89710F000A2DEA5A97380DB31E8458B91
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016F728C
                Strings
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016F7294
                • RTL: Resource at %p, xrefs: 016F72A3
                • RTL: Re-Waiting, xrefs: 016F72C1
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 8f90e378d05c2e66687c162200a850f8968155c01e2f1c2d7c3e5b10332bd768
                • Instruction ID: 9290aa7092a8af274dc02f43ee77152b18bf1c6d3bb04b9c63fe6392b8ad73da
                • Opcode Fuzzy Hash: 8f90e378d05c2e66687c162200a850f8968155c01e2f1c2d7c3e5b10332bd768
                • Instruction Fuzzy Hash: AD410036705206ABD721DE29CC81FAAB7A5FF94710F10461DFA55AB380DB20F8428BD1
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: 3020056aea9040e893ced90536fc9a3200905225a784bada30e9f20a8d61d179
                • Instruction ID: b1c40bb7c600818d1fa9678b45942ff7ab47e007367c0592c978b4f23c258f2c
                • Opcode Fuzzy Hash: 3020056aea9040e893ced90536fc9a3200905225a784bada30e9f20a8d61d179
                • Instruction Fuzzy Hash: CB317872A00219AFDB20DF2DDC40BEEB7F8EF54610F554559E949E3242EB30AA448BA0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: c58f90bc2d02061d303cb954408c76850aa48bbbd2d289ffa9641836e1a27ebc
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 25917D71E0021A9AEB24DF6DCC81ABEBBA5EF44B20F14451EE965A73C0E7309941CF65
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.1992934707.0000000001650000.00000040.00001000.00020000.00000000.sdmp, Offset: 01650000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1650000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 5baba4ec20098900f72ca4320f63edccf18982a2e60b3837fac28af542079ea3
                • Instruction ID: a8eab1c85567088ceb5092bf40b198867f945f68771464e6a60992dcf9629eea
                • Opcode Fuzzy Hash: 5baba4ec20098900f72ca4320f63edccf18982a2e60b3837fac28af542079ea3
                • Instruction Fuzzy Hash: E0813B71D012699BDB31DB54CC58BEEB7B9AB48714F0042EAEA09B7240D7709E85CFA4