Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
wN7EPNiHSM.exe

Overview

General Information

Sample name:wN7EPNiHSM.exe
renamed because original name is a hash value
Original sample name:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00.exe
Analysis ID:1587724
MD5:4e8944d70c0b6ade6eafea2d95434873
SHA1:97b3b6c541a8685a3d4df1f2e7462eb6be42b0b2
SHA256:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • wN7EPNiHSM.exe (PID: 7696 cmdline: "C:\Users\user\Desktop\wN7EPNiHSM.exe" MD5: 4E8944D70C0B6ADE6EAFEA2D95434873)
    • wN7EPNiHSM.exe (PID: 1020 cmdline: "C:\Users\user\Desktop\wN7EPNiHSM.exe" MD5: 4E8944D70C0B6ADE6EAFEA2D95434873)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      Process Memory Space: wN7EPNiHSM.exe PID: 7696JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        4.2.wN7EPNiHSM.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          4.2.wN7EPNiHSM.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: wN7EPNiHSM.exeAvira: detected
            Multi AV Scanner detection for submitted file
            Source: wN7EPNiHSM.exeReversingLabs: Detection: 84%
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: wN7EPNiHSM.exeJoe Sandbox ML: detected
            Source: wN7EPNiHSM.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: wN7EPNiHSM.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: wN7EPNiHSM.exe, 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: wN7EPNiHSM.exe, wN7EPNiHSM.exe, 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0042C8E3 NtClose,4_2_0042C8E3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0040AA86 NtDelayExecution,4_2_0040AA86
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12B60 NtClose,LdrInitializeThunk,4_2_01A12B60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01A12DF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01A12C70
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A135C0 NtCreateMutant,LdrInitializeThunk,4_2_01A135C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A14340 NtSetContextThread,4_2_01A14340
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A14650 NtSuspendThread,4_2_01A14650
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12BA0 NtEnumerateValueKey,4_2_01A12BA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12B80 NtQueryInformationFile,4_2_01A12B80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12BE0 NtQueryValueKey,4_2_01A12BE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12BF0 NtAllocateVirtualMemory,4_2_01A12BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12AB0 NtWaitForSingleObject,4_2_01A12AB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12AF0 NtWriteFile,4_2_01A12AF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12AD0 NtReadFile,4_2_01A12AD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12DB0 NtEnumerateKey,4_2_01A12DB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12DD0 NtDelayExecution,4_2_01A12DD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12D30 NtUnmapViewOfSection,4_2_01A12D30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12D00 NtSetInformationFile,4_2_01A12D00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12D10 NtMapViewOfSection,4_2_01A12D10
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12CA0 NtQueryInformationToken,4_2_01A12CA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12CF0 NtOpenProcess,4_2_01A12CF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12CC0 NtQueryVirtualMemory,4_2_01A12CC0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12C00 NtQueryInformationProcess,4_2_01A12C00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12C60 NtCreateKey,4_2_01A12C60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12FA0 NtQuerySection,4_2_01A12FA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12FB0 NtResumeThread,4_2_01A12FB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12F90 NtProtectVirtualMemory,4_2_01A12F90
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12FE0 NtCreateFile,4_2_01A12FE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12F30 NtCreateSection,4_2_01A12F30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12F60 NtCreateProcessEx,4_2_01A12F60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12EA0 NtAdjustPrivilegesToken,4_2_01A12EA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12E80 NtReadVirtualMemory,4_2_01A12E80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12EE0 NtQueueApcThread,4_2_01A12EE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12E30 NtWriteVirtualMemory,4_2_01A12E30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A13090 NtSetValueKey,4_2_01A13090
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A13010 NtOpenDirectoryObject,4_2_01A13010
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A139B0 NtGetContextThread,4_2_01A139B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A13D10 NtOpenProcessToken,4_2_01A13D10
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A13D70 NtOpenThread,4_2_01A13D70
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 0_2_05791DE80_2_05791DE8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 0_2_05790C100_2_05790C10
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 0_2_057949480_2_05794948
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004030004_2_00403000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004100134_2_00410013
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004169DF4_2_004169DF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004169E34_2_004169E3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0040E2134_2_0040E213
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004102334_2_00410233
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004012804_2_00401280
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0040E3584_2_0040E358
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0040E3634_2_0040E363
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004023104_2_00402310
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004024FE4_2_004024FE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004025004_2_00402500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0042EEF34_2_0042EEF3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA01AA4_2_01AA01AA
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A941A24_2_01A941A2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A981CC4_2_01A981CC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D01004_2_019D0100
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7A1184_2_01A7A118
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A681584_2_01A68158
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A720004_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA03E64_2_01AA03E6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE3F04_2_019EE3F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9A3524_2_01A9A352
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A602C04_2_01A602C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A802744_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA05914_2_01AA0591
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E05354_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8E4F64_2_01A8E4F6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A844204_2_01A84420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A924464_2_01A92446
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DC7C04_2_019DC7C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E07704_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A047504_2_01A04750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FC6E04_2_019FC6E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AAA9A64_2_01AAA9A6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A04_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F69624_2_019F6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C68B84_2_019C68B8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E8F04_2_01A0E8F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EA8404_2_019EA840
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E28404_2_019E2840
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A96BD74_2_01A96BD7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9AB404_2_01A9AB40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA804_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F8DBF4_2_019F8DBF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DADE04_2_019DADE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EAD004_2_019EAD00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7CD1F4_2_01A7CD1F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80CB54_2_01A80CB5
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0CF24_2_019D0CF2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0C004_2_019E0C00
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5EFA04_2_01A5EFA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D2FC84_2_019D2FC8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019ECFE04_2_019ECFE0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A22F284_2_01A22F28
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A00F304_2_01A00F30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A82F304_2_01A82F30
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A54F404_2_01A54F40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2E904_2_019F2E90
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9CE934_2_01A9CE93
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9EEDB4_2_01A9EEDB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9EE264_2_01A9EE26
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0E594_2_019E0E59
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EB1B04_2_019EB1B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AAB16B4_2_01AAB16B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1516C4_2_01A1516C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CF1724_2_019CF172
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A970E94_2_01A970E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9F0E04_2_01A9F0E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E70C04_2_019E70C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8F0CC4_2_01A8F0CC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A2739A4_2_01A2739A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9132D4_2_01A9132D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CD34C4_2_019CD34C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E52A04_2_019E52A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A812ED4_2_01A812ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FB2C04_2_019FB2C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7D5B04_2_01A7D5B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A975714_2_01A97571
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9F43F4_2_01A9F43F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D14604_2_019D1460
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9F7B04_2_01A9F7B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D17EC4_2_019D17EC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A916CC4_2_01A916CC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A256304_2_01A25630
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A759104_2_01A75910
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E99504_2_019E9950
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FB9504_2_019FB950
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E38E04_2_019E38E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4D8004_2_01A4D800
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FFB804_2_019FFB80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A55BF04_2_01A55BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1DBF94_2_01A1DBF9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9FB764_2_01A9FB76
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A25AA04_2_01A25AA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7DAAC4_2_01A7DAAC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A81AA34_2_01A81AA3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8DAC64_2_01A8DAC6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A53A6C4_2_01A53A6C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9FA494_2_01A9FA49
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A97A464_2_01A97A46
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FFDC04_2_019FFDC0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A97D734_2_01A97D73
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E3D404_2_019E3D40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A91D5A4_2_01A91D5A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9FCF24_2_01A9FCF2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A59C324_2_01A59C32
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E1F924_2_019E1F92
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9FFB14_2_01A9FFB1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A3FD24_2_019A3FD2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A3FD54_2_019A3FD5
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9FF094_2_01A9FF09
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E9EB04_2_019E9EB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 01A15130 appears 58 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 01A5F290 appears 105 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 01A4EA12 appears 86 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 01A27E54 appears 101 times
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: String function: 019CB970 appears 283 times
            Source: wN7EPNiHSM.exe, 00000000.00000002.1503024248.0000000003C79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000000.1344286949.0000000000952000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTdjI.exe" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1502329921.0000000002CB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1519811917.0000000005740000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1503024248.0000000003CC8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1520658142.00000000071E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000000.00000002.1501505737.000000000100E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exe, 00000004.00000002.2303321047.0000000001ACD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exeBinary or memory string: OriginalFilenameTdjI.exe" vs wN7EPNiHSM.exe
            Source: wN7EPNiHSM.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: wN7EPNiHSM.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal80.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wN7EPNiHSM.exe.logJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMutant created: NULL
            Source: wN7EPNiHSM.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: wN7EPNiHSM.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: wN7EPNiHSM.exeReversingLabs: Detection: 84%
            Source: unknownProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"Jump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: wN7EPNiHSM.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: wN7EPNiHSM.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: wN7EPNiHSM.exe, 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: wN7EPNiHSM.exe, wN7EPNiHSM.exe, 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_004050EB push eax; ret 4_2_004050F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00403270 push eax; ret 4_2_00403272
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0041F2E5 push ds; iretd 4_2_0041F320
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0041737C push FFFFFFD1h; iretd 4_2_0041739D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00415C43 push esi; iretd 4_2_00415C4E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00414447 push ebp; retf 4_2_00414448
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00414561 push edx; ret 4_2_00414568
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00413523 push es; retf 4_2_00413605
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00404E88 push 87AF7CBCh; retf 4_2_00404E96
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00404F63 push edi; retf 4_2_00404F64
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00416782 push ds; iretd 4_2_00416785
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_0040179F push edi; retf 4_2_004017A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A225F pushad ; ret 4_2_019A27F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A27FA pushad ; ret 4_2_019A27F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D09AD push ecx; mov dword ptr [esp], ecx4_2_019D09B6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A283D push eax; iretd 4_2_019A2858
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019A1368 push eax; iretd 4_2_019A1369
            Source: wN7EPNiHSM.exeStatic PE information: section name: .text entropy: 7.555536758399242
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: wN7EPNiHSM.exe PID: 7696, type: MEMORYSTR
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: 2B00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: 2C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: 4C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: 9090000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: 7930000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: A090000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: B090000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1096E rdtsc 4_2_01A1096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeAPI coverage: 0.7 %
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe TID: 7768Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exe TID: 7456Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1096E rdtsc 4_2_01A1096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_00417973 LdrLoadDll,4_2_00417973
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA197 mov eax, dword ptr fs:[00000030h]4_2_019CA197
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA197 mov eax, dword ptr fs:[00000030h]4_2_019CA197
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA197 mov eax, dword ptr fs:[00000030h]4_2_019CA197
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8C188 mov eax, dword ptr fs:[00000030h]4_2_01A8C188
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8C188 mov eax, dword ptr fs:[00000030h]4_2_01A8C188
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A10185 mov eax, dword ptr fs:[00000030h]4_2_01A10185
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A74180 mov eax, dword ptr fs:[00000030h]4_2_01A74180
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A74180 mov eax, dword ptr fs:[00000030h]4_2_01A74180
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5019F mov eax, dword ptr fs:[00000030h]4_2_01A5019F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5019F mov eax, dword ptr fs:[00000030h]4_2_01A5019F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5019F mov eax, dword ptr fs:[00000030h]4_2_01A5019F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5019F mov eax, dword ptr fs:[00000030h]4_2_01A5019F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA61E5 mov eax, dword ptr fs:[00000030h]4_2_01AA61E5
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A001F8 mov eax, dword ptr fs:[00000030h]4_2_01A001F8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A961C3 mov eax, dword ptr fs:[00000030h]4_2_01A961C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A961C3 mov eax, dword ptr fs:[00000030h]4_2_01A961C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E1D0 mov eax, dword ptr fs:[00000030h]4_2_01A4E1D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E1D0 mov eax, dword ptr fs:[00000030h]4_2_01A4E1D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E1D0 mov ecx, dword ptr fs:[00000030h]4_2_01A4E1D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E1D0 mov eax, dword ptr fs:[00000030h]4_2_01A4E1D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E1D0 mov eax, dword ptr fs:[00000030h]4_2_01A4E1D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A00124 mov eax, dword ptr fs:[00000030h]4_2_01A00124
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov ecx, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov ecx, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov ecx, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov eax, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E10E mov ecx, dword ptr fs:[00000030h]4_2_01A7E10E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A90115 mov eax, dword ptr fs:[00000030h]4_2_01A90115
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7A118 mov ecx, dword ptr fs:[00000030h]4_2_01A7A118
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7A118 mov eax, dword ptr fs:[00000030h]4_2_01A7A118
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7A118 mov eax, dword ptr fs:[00000030h]4_2_01A7A118
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7A118 mov eax, dword ptr fs:[00000030h]4_2_01A7A118
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6154 mov eax, dword ptr fs:[00000030h]4_2_019D6154
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6154 mov eax, dword ptr fs:[00000030h]4_2_019D6154
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CC156 mov eax, dword ptr fs:[00000030h]4_2_019CC156
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A64144 mov eax, dword ptr fs:[00000030h]4_2_01A64144
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A64144 mov eax, dword ptr fs:[00000030h]4_2_01A64144
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A64144 mov ecx, dword ptr fs:[00000030h]4_2_01A64144
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A64144 mov eax, dword ptr fs:[00000030h]4_2_01A64144
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A64144 mov eax, dword ptr fs:[00000030h]4_2_01A64144
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A68158 mov eax, dword ptr fs:[00000030h]4_2_01A68158
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A680A8 mov eax, dword ptr fs:[00000030h]4_2_01A680A8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A960B8 mov eax, dword ptr fs:[00000030h]4_2_01A960B8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A960B8 mov ecx, dword ptr fs:[00000030h]4_2_01A960B8
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D208A mov eax, dword ptr fs:[00000030h]4_2_019D208A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A560E0 mov eax, dword ptr fs:[00000030h]4_2_01A560E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A120F0 mov ecx, dword ptr fs:[00000030h]4_2_01A120F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CC0F0 mov eax, dword ptr fs:[00000030h]4_2_019CC0F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D80E9 mov eax, dword ptr fs:[00000030h]4_2_019D80E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A520DE mov eax, dword ptr fs:[00000030h]4_2_01A520DE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA0E3 mov ecx, dword ptr fs:[00000030h]4_2_019CA0E3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE016 mov eax, dword ptr fs:[00000030h]4_2_019EE016
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE016 mov eax, dword ptr fs:[00000030h]4_2_019EE016
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE016 mov eax, dword ptr fs:[00000030h]4_2_019EE016
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE016 mov eax, dword ptr fs:[00000030h]4_2_019EE016
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66030 mov eax, dword ptr fs:[00000030h]4_2_01A66030
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A54000 mov ecx, dword ptr fs:[00000030h]4_2_01A54000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A72000 mov eax, dword ptr fs:[00000030h]4_2_01A72000
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA020 mov eax, dword ptr fs:[00000030h]4_2_019CA020
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CC020 mov eax, dword ptr fs:[00000030h]4_2_019CC020
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D2050 mov eax, dword ptr fs:[00000030h]4_2_019D2050
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FC073 mov eax, dword ptr fs:[00000030h]4_2_019FC073
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56050 mov eax, dword ptr fs:[00000030h]4_2_01A56050
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C8397 mov eax, dword ptr fs:[00000030h]4_2_019C8397
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C8397 mov eax, dword ptr fs:[00000030h]4_2_019C8397
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C8397 mov eax, dword ptr fs:[00000030h]4_2_019C8397
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F438F mov eax, dword ptr fs:[00000030h]4_2_019F438F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F438F mov eax, dword ptr fs:[00000030h]4_2_019F438F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE388 mov eax, dword ptr fs:[00000030h]4_2_019CE388
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE388 mov eax, dword ptr fs:[00000030h]4_2_019CE388
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE388 mov eax, dword ptr fs:[00000030h]4_2_019CE388
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA3C0 mov eax, dword ptr fs:[00000030h]4_2_019DA3C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D83C0 mov eax, dword ptr fs:[00000030h]4_2_019D83C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D83C0 mov eax, dword ptr fs:[00000030h]4_2_019D83C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D83C0 mov eax, dword ptr fs:[00000030h]4_2_019D83C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D83C0 mov eax, dword ptr fs:[00000030h]4_2_019D83C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A063FF mov eax, dword ptr fs:[00000030h]4_2_01A063FF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8C3CD mov eax, dword ptr fs:[00000030h]4_2_01A8C3CD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE3F0 mov eax, dword ptr fs:[00000030h]4_2_019EE3F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE3F0 mov eax, dword ptr fs:[00000030h]4_2_019EE3F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE3F0 mov eax, dword ptr fs:[00000030h]4_2_019EE3F0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A743D4 mov eax, dword ptr fs:[00000030h]4_2_01A743D4
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A743D4 mov eax, dword ptr fs:[00000030h]4_2_01A743D4
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E03E9 mov eax, dword ptr fs:[00000030h]4_2_019E03E9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E3DB mov eax, dword ptr fs:[00000030h]4_2_01A7E3DB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E3DB mov eax, dword ptr fs:[00000030h]4_2_01A7E3DB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E3DB mov ecx, dword ptr fs:[00000030h]4_2_01A7E3DB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7E3DB mov eax, dword ptr fs:[00000030h]4_2_01A7E3DB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CC310 mov ecx, dword ptr fs:[00000030h]4_2_019CC310
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F0310 mov ecx, dword ptr fs:[00000030h]4_2_019F0310
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A30B mov eax, dword ptr fs:[00000030h]4_2_01A0A30B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A30B mov eax, dword ptr fs:[00000030h]4_2_01A0A30B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A30B mov eax, dword ptr fs:[00000030h]4_2_01A0A30B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7437C mov eax, dword ptr fs:[00000030h]4_2_01A7437C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A52349 mov eax, dword ptr fs:[00000030h]4_2_01A52349
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A78350 mov ecx, dword ptr fs:[00000030h]4_2_01A78350
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov eax, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov eax, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov eax, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov ecx, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov eax, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5035C mov eax, dword ptr fs:[00000030h]4_2_01A5035C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9A352 mov eax, dword ptr fs:[00000030h]4_2_01A9A352
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov eax, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov ecx, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov eax, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov eax, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov eax, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A662A0 mov eax, dword ptr fs:[00000030h]4_2_01A662A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E284 mov eax, dword ptr fs:[00000030h]4_2_01A0E284
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E284 mov eax, dword ptr fs:[00000030h]4_2_01A0E284
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A50283 mov eax, dword ptr fs:[00000030h]4_2_01A50283
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A50283 mov eax, dword ptr fs:[00000030h]4_2_01A50283
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A50283 mov eax, dword ptr fs:[00000030h]4_2_01A50283
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E02A0 mov eax, dword ptr fs:[00000030h]4_2_019E02A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E02A0 mov eax, dword ptr fs:[00000030h]4_2_019E02A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA2C3 mov eax, dword ptr fs:[00000030h]4_2_019DA2C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA2C3 mov eax, dword ptr fs:[00000030h]4_2_019DA2C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA2C3 mov eax, dword ptr fs:[00000030h]4_2_019DA2C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA2C3 mov eax, dword ptr fs:[00000030h]4_2_019DA2C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA2C3 mov eax, dword ptr fs:[00000030h]4_2_019DA2C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E02E1 mov eax, dword ptr fs:[00000030h]4_2_019E02E1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E02E1 mov eax, dword ptr fs:[00000030h]4_2_019E02E1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E02E1 mov eax, dword ptr fs:[00000030h]4_2_019E02E1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C823B mov eax, dword ptr fs:[00000030h]4_2_019C823B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6259 mov eax, dword ptr fs:[00000030h]4_2_019D6259
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CA250 mov eax, dword ptr fs:[00000030h]4_2_019CA250
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A80274 mov eax, dword ptr fs:[00000030h]4_2_01A80274
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A58243 mov eax, dword ptr fs:[00000030h]4_2_01A58243
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A58243 mov ecx, dword ptr fs:[00000030h]4_2_01A58243
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C826B mov eax, dword ptr fs:[00000030h]4_2_019C826B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8A250 mov eax, dword ptr fs:[00000030h]4_2_01A8A250
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8A250 mov eax, dword ptr fs:[00000030h]4_2_01A8A250
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4260 mov eax, dword ptr fs:[00000030h]4_2_019D4260
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4260 mov eax, dword ptr fs:[00000030h]4_2_019D4260
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4260 mov eax, dword ptr fs:[00000030h]4_2_019D4260
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A505A7 mov eax, dword ptr fs:[00000030h]4_2_01A505A7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A505A7 mov eax, dword ptr fs:[00000030h]4_2_01A505A7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A505A7 mov eax, dword ptr fs:[00000030h]4_2_01A505A7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D2582 mov eax, dword ptr fs:[00000030h]4_2_019D2582
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D2582 mov ecx, dword ptr fs:[00000030h]4_2_019D2582
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A04588 mov eax, dword ptr fs:[00000030h]4_2_01A04588
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F45B1 mov eax, dword ptr fs:[00000030h]4_2_019F45B1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F45B1 mov eax, dword ptr fs:[00000030h]4_2_019F45B1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E59C mov eax, dword ptr fs:[00000030h]4_2_01A0E59C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D65D0 mov eax, dword ptr fs:[00000030h]4_2_019D65D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C5ED mov eax, dword ptr fs:[00000030h]4_2_01A0C5ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C5ED mov eax, dword ptr fs:[00000030h]4_2_01A0C5ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E5CF mov eax, dword ptr fs:[00000030h]4_2_01A0E5CF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E5CF mov eax, dword ptr fs:[00000030h]4_2_01A0E5CF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A5D0 mov eax, dword ptr fs:[00000030h]4_2_01A0A5D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A5D0 mov eax, dword ptr fs:[00000030h]4_2_01A0A5D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE5E7 mov eax, dword ptr fs:[00000030h]4_2_019FE5E7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D25E0 mov eax, dword ptr fs:[00000030h]4_2_019D25E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE53E mov eax, dword ptr fs:[00000030h]4_2_019FE53E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE53E mov eax, dword ptr fs:[00000030h]4_2_019FE53E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE53E mov eax, dword ptr fs:[00000030h]4_2_019FE53E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE53E mov eax, dword ptr fs:[00000030h]4_2_019FE53E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE53E mov eax, dword ptr fs:[00000030h]4_2_019FE53E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66500 mov eax, dword ptr fs:[00000030h]4_2_01A66500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4500 mov eax, dword ptr fs:[00000030h]4_2_01AA4500
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0535 mov eax, dword ptr fs:[00000030h]4_2_019E0535
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0656A mov eax, dword ptr fs:[00000030h]4_2_01A0656A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0656A mov eax, dword ptr fs:[00000030h]4_2_01A0656A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0656A mov eax, dword ptr fs:[00000030h]4_2_01A0656A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8550 mov eax, dword ptr fs:[00000030h]4_2_019D8550
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8550 mov eax, dword ptr fs:[00000030h]4_2_019D8550
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A044B0 mov ecx, dword ptr fs:[00000030h]4_2_01A044B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5A4B0 mov eax, dword ptr fs:[00000030h]4_2_01A5A4B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8A49A mov eax, dword ptr fs:[00000030h]4_2_01A8A49A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D64AB mov eax, dword ptr fs:[00000030h]4_2_019D64AB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D04E5 mov ecx, dword ptr fs:[00000030h]4_2_019D04E5
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A56420 mov eax, dword ptr fs:[00000030h]4_2_01A56420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A430 mov eax, dword ptr fs:[00000030h]4_2_01A0A430
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A08402 mov eax, dword ptr fs:[00000030h]4_2_01A08402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A08402 mov eax, dword ptr fs:[00000030h]4_2_01A08402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A08402 mov eax, dword ptr fs:[00000030h]4_2_01A08402
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CC427 mov eax, dword ptr fs:[00000030h]4_2_019CC427
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE420 mov eax, dword ptr fs:[00000030h]4_2_019CE420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE420 mov eax, dword ptr fs:[00000030h]4_2_019CE420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CE420 mov eax, dword ptr fs:[00000030h]4_2_019CE420
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C645D mov eax, dword ptr fs:[00000030h]4_2_019C645D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F245A mov eax, dword ptr fs:[00000030h]4_2_019F245A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5C460 mov ecx, dword ptr fs:[00000030h]4_2_01A5C460
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0E443 mov eax, dword ptr fs:[00000030h]4_2_01A0E443
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FA470 mov eax, dword ptr fs:[00000030h]4_2_019FA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FA470 mov eax, dword ptr fs:[00000030h]4_2_019FA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FA470 mov eax, dword ptr fs:[00000030h]4_2_019FA470
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A8A456 mov eax, dword ptr fs:[00000030h]4_2_01A8A456
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A847A0 mov eax, dword ptr fs:[00000030h]4_2_01A847A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7678E mov eax, dword ptr fs:[00000030h]4_2_01A7678E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D07AF mov eax, dword ptr fs:[00000030h]4_2_019D07AF
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5E7E1 mov eax, dword ptr fs:[00000030h]4_2_01A5E7E1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DC7C0 mov eax, dword ptr fs:[00000030h]4_2_019DC7C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A507C3 mov eax, dword ptr fs:[00000030h]4_2_01A507C3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D47FB mov eax, dword ptr fs:[00000030h]4_2_019D47FB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D47FB mov eax, dword ptr fs:[00000030h]4_2_019D47FB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F27ED mov eax, dword ptr fs:[00000030h]4_2_019F27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F27ED mov eax, dword ptr fs:[00000030h]4_2_019F27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F27ED mov eax, dword ptr fs:[00000030h]4_2_019F27ED
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C720 mov eax, dword ptr fs:[00000030h]4_2_01A0C720
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C720 mov eax, dword ptr fs:[00000030h]4_2_01A0C720
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0710 mov eax, dword ptr fs:[00000030h]4_2_019D0710
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4C730 mov eax, dword ptr fs:[00000030h]4_2_01A4C730
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0273C mov eax, dword ptr fs:[00000030h]4_2_01A0273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0273C mov ecx, dword ptr fs:[00000030h]4_2_01A0273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0273C mov eax, dword ptr fs:[00000030h]4_2_01A0273C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C700 mov eax, dword ptr fs:[00000030h]4_2_01A0C700
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A00710 mov eax, dword ptr fs:[00000030h]4_2_01A00710
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0750 mov eax, dword ptr fs:[00000030h]4_2_019D0750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0674D mov esi, dword ptr fs:[00000030h]4_2_01A0674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0674D mov eax, dword ptr fs:[00000030h]4_2_01A0674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0674D mov eax, dword ptr fs:[00000030h]4_2_01A0674D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8770 mov eax, dword ptr fs:[00000030h]4_2_019D8770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0770 mov eax, dword ptr fs:[00000030h]4_2_019E0770
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A54755 mov eax, dword ptr fs:[00000030h]4_2_01A54755
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12750 mov eax, dword ptr fs:[00000030h]4_2_01A12750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12750 mov eax, dword ptr fs:[00000030h]4_2_01A12750
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5E75D mov eax, dword ptr fs:[00000030h]4_2_01A5E75D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C6A6 mov eax, dword ptr fs:[00000030h]4_2_01A0C6A6
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4690 mov eax, dword ptr fs:[00000030h]4_2_019D4690
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4690 mov eax, dword ptr fs:[00000030h]4_2_019D4690
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A066B0 mov eax, dword ptr fs:[00000030h]4_2_01A066B0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A506F1 mov eax, dword ptr fs:[00000030h]4_2_01A506F1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A506F1 mov eax, dword ptr fs:[00000030h]4_2_01A506F1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E6F2 mov eax, dword ptr fs:[00000030h]4_2_01A4E6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E6F2 mov eax, dword ptr fs:[00000030h]4_2_01A4E6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E6F2 mov eax, dword ptr fs:[00000030h]4_2_01A4E6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E6F2 mov eax, dword ptr fs:[00000030h]4_2_01A4E6F2
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A6C7 mov ebx, dword ptr fs:[00000030h]4_2_01A0A6C7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A6C7 mov eax, dword ptr fs:[00000030h]4_2_01A0A6C7
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A06620 mov eax, dword ptr fs:[00000030h]4_2_01A06620
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A08620 mov eax, dword ptr fs:[00000030h]4_2_01A08620
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E260B mov eax, dword ptr fs:[00000030h]4_2_019E260B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E609 mov eax, dword ptr fs:[00000030h]4_2_01A4E609
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D262C mov eax, dword ptr fs:[00000030h]4_2_019D262C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A12619 mov eax, dword ptr fs:[00000030h]4_2_01A12619
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EE627 mov eax, dword ptr fs:[00000030h]4_2_019EE627
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A660 mov eax, dword ptr fs:[00000030h]4_2_01A0A660
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A660 mov eax, dword ptr fs:[00000030h]4_2_01A0A660
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9866E mov eax, dword ptr fs:[00000030h]4_2_01A9866E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9866E mov eax, dword ptr fs:[00000030h]4_2_01A9866E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A02674 mov eax, dword ptr fs:[00000030h]4_2_01A02674
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019EC640 mov eax, dword ptr fs:[00000030h]4_2_019EC640
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A589B3 mov esi, dword ptr fs:[00000030h]4_2_01A589B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A589B3 mov eax, dword ptr fs:[00000030h]4_2_01A589B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A589B3 mov eax, dword ptr fs:[00000030h]4_2_01A589B3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D09AD mov eax, dword ptr fs:[00000030h]4_2_019D09AD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D09AD mov eax, dword ptr fs:[00000030h]4_2_019D09AD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E29A0 mov eax, dword ptr fs:[00000030h]4_2_019E29A0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5E9E0 mov eax, dword ptr fs:[00000030h]4_2_01A5E9E0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DA9D0 mov eax, dword ptr fs:[00000030h]4_2_019DA9D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A029F9 mov eax, dword ptr fs:[00000030h]4_2_01A029F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A029F9 mov eax, dword ptr fs:[00000030h]4_2_01A029F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A669C0 mov eax, dword ptr fs:[00000030h]4_2_01A669C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A049D0 mov eax, dword ptr fs:[00000030h]4_2_01A049D0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9A9D3 mov eax, dword ptr fs:[00000030h]4_2_01A9A9D3
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C8918 mov eax, dword ptr fs:[00000030h]4_2_019C8918
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019C8918 mov eax, dword ptr fs:[00000030h]4_2_019C8918
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A6892B mov eax, dword ptr fs:[00000030h]4_2_01A6892B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5892A mov eax, dword ptr fs:[00000030h]4_2_01A5892A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E908 mov eax, dword ptr fs:[00000030h]4_2_01A4E908
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4E908 mov eax, dword ptr fs:[00000030h]4_2_01A4E908
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5C912 mov eax, dword ptr fs:[00000030h]4_2_01A5C912
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1096E mov eax, dword ptr fs:[00000030h]4_2_01A1096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1096E mov edx, dword ptr fs:[00000030h]4_2_01A1096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A1096E mov eax, dword ptr fs:[00000030h]4_2_01A1096E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5C97C mov eax, dword ptr fs:[00000030h]4_2_01A5C97C
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A74978 mov eax, dword ptr fs:[00000030h]4_2_01A74978
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A74978 mov eax, dword ptr fs:[00000030h]4_2_01A74978
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A50946 mov eax, dword ptr fs:[00000030h]4_2_01A50946
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F6962 mov eax, dword ptr fs:[00000030h]4_2_019F6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F6962 mov eax, dword ptr fs:[00000030h]4_2_019F6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F6962 mov eax, dword ptr fs:[00000030h]4_2_019F6962
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0887 mov eax, dword ptr fs:[00000030h]4_2_019D0887
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5C89D mov eax, dword ptr fs:[00000030h]4_2_01A5C89D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9A8E4 mov eax, dword ptr fs:[00000030h]4_2_01A9A8E4
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C8F9 mov eax, dword ptr fs:[00000030h]4_2_01A0C8F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0C8F9 mov eax, dword ptr fs:[00000030h]4_2_01A0C8F9
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FE8C0 mov eax, dword ptr fs:[00000030h]4_2_019FE8C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA08C0 mov eax, dword ptr fs:[00000030h]4_2_01AA08C0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0A830 mov eax, dword ptr fs:[00000030h]4_2_01A0A830
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7483A mov eax, dword ptr fs:[00000030h]4_2_01A7483A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7483A mov eax, dword ptr fs:[00000030h]4_2_01A7483A
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov eax, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov eax, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov eax, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov ecx, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov eax, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F2835 mov eax, dword ptr fs:[00000030h]4_2_019F2835
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5C810 mov eax, dword ptr fs:[00000030h]4_2_01A5C810
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4859 mov eax, dword ptr fs:[00000030h]4_2_019D4859
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D4859 mov eax, dword ptr fs:[00000030h]4_2_019D4859
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66870 mov eax, dword ptr fs:[00000030h]4_2_01A66870
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66870 mov eax, dword ptr fs:[00000030h]4_2_01A66870
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5E872 mov eax, dword ptr fs:[00000030h]4_2_01A5E872
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5E872 mov eax, dword ptr fs:[00000030h]4_2_01A5E872
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E2840 mov ecx, dword ptr fs:[00000030h]4_2_019E2840
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A00854 mov eax, dword ptr fs:[00000030h]4_2_01A00854
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A84BB0 mov eax, dword ptr fs:[00000030h]4_2_01A84BB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A84BB0 mov eax, dword ptr fs:[00000030h]4_2_01A84BB0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0BBE mov eax, dword ptr fs:[00000030h]4_2_019E0BBE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0BBE mov eax, dword ptr fs:[00000030h]4_2_019E0BBE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0BCD mov eax, dword ptr fs:[00000030h]4_2_019D0BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0BCD mov eax, dword ptr fs:[00000030h]4_2_019D0BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0BCD mov eax, dword ptr fs:[00000030h]4_2_019D0BCD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F0BCB mov eax, dword ptr fs:[00000030h]4_2_019F0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F0BCB mov eax, dword ptr fs:[00000030h]4_2_019F0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F0BCB mov eax, dword ptr fs:[00000030h]4_2_019F0BCB
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5CBF0 mov eax, dword ptr fs:[00000030h]4_2_01A5CBF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FEBFC mov eax, dword ptr fs:[00000030h]4_2_019FEBFC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8BF0 mov eax, dword ptr fs:[00000030h]4_2_019D8BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8BF0 mov eax, dword ptr fs:[00000030h]4_2_019D8BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8BF0 mov eax, dword ptr fs:[00000030h]4_2_019D8BF0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7EBD0 mov eax, dword ptr fs:[00000030h]4_2_01A7EBD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A98B28 mov eax, dword ptr fs:[00000030h]4_2_01A98B28
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A98B28 mov eax, dword ptr fs:[00000030h]4_2_01A98B28
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4EB1D mov eax, dword ptr fs:[00000030h]4_2_01A4EB1D
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FEB20 mov eax, dword ptr fs:[00000030h]4_2_019FEB20
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FEB20 mov eax, dword ptr fs:[00000030h]4_2_019FEB20
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019CCB7E mov eax, dword ptr fs:[00000030h]4_2_019CCB7E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A84B4B mov eax, dword ptr fs:[00000030h]4_2_01A84B4B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A84B4B mov eax, dword ptr fs:[00000030h]4_2_01A84B4B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A78B42 mov eax, dword ptr fs:[00000030h]4_2_01A78B42
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66B40 mov eax, dword ptr fs:[00000030h]4_2_01A66B40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A66B40 mov eax, dword ptr fs:[00000030h]4_2_01A66B40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A9AB40 mov eax, dword ptr fs:[00000030h]4_2_01A9AB40
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7EB50 mov eax, dword ptr fs:[00000030h]4_2_01A7EB50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A26AA4 mov eax, dword ptr fs:[00000030h]4_2_01A26AA4
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019DEA80 mov eax, dword ptr fs:[00000030h]4_2_019DEA80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4A80 mov eax, dword ptr fs:[00000030h]4_2_01AA4A80
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A08A90 mov edx, dword ptr fs:[00000030h]4_2_01A08A90
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8AA0 mov eax, dword ptr fs:[00000030h]4_2_019D8AA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D8AA0 mov eax, dword ptr fs:[00000030h]4_2_019D8AA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D0AD0 mov eax, dword ptr fs:[00000030h]4_2_019D0AD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0AAEE mov eax, dword ptr fs:[00000030h]4_2_01A0AAEE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0AAEE mov eax, dword ptr fs:[00000030h]4_2_01A0AAEE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A26ACC mov eax, dword ptr fs:[00000030h]4_2_01A26ACC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A26ACC mov eax, dword ptr fs:[00000030h]4_2_01A26ACC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A26ACC mov eax, dword ptr fs:[00000030h]4_2_01A26ACC
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A04AD0 mov eax, dword ptr fs:[00000030h]4_2_01A04AD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A04AD0 mov eax, dword ptr fs:[00000030h]4_2_01A04AD0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CA24 mov eax, dword ptr fs:[00000030h]4_2_01A0CA24
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CA38 mov eax, dword ptr fs:[00000030h]4_2_01A0CA38
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F4A35 mov eax, dword ptr fs:[00000030h]4_2_019F4A35
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019F4A35 mov eax, dword ptr fs:[00000030h]4_2_019F4A35
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019FEA2E mov eax, dword ptr fs:[00000030h]4_2_019FEA2E
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A5CA11 mov eax, dword ptr fs:[00000030h]4_2_01A5CA11
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0A5B mov eax, dword ptr fs:[00000030h]4_2_019E0A5B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019E0A5B mov eax, dword ptr fs:[00000030h]4_2_019E0A5B
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A7EA60 mov eax, dword ptr fs:[00000030h]4_2_01A7EA60
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_019D6A50 mov eax, dword ptr fs:[00000030h]4_2_019D6A50
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CA6F mov eax, dword ptr fs:[00000030h]4_2_01A0CA6F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CA6F mov eax, dword ptr fs:[00000030h]4_2_01A0CA6F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CA6F mov eax, dword ptr fs:[00000030h]4_2_01A0CA6F
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4CA72 mov eax, dword ptr fs:[00000030h]4_2_01A4CA72
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A4CA72 mov eax, dword ptr fs:[00000030h]4_2_01A4CA72
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A06DA0 mov eax, dword ptr fs:[00000030h]4_2_01A06DA0
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01AA4DAD mov eax, dword ptr fs:[00000030h]4_2_01AA4DAD
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A98DAE mov eax, dword ptr fs:[00000030h]4_2_01A98DAE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A98DAE mov eax, dword ptr fs:[00000030h]4_2_01A98DAE
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CDB1 mov ecx, dword ptr fs:[00000030h]4_2_01A0CDB1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CDB1 mov eax, dword ptr fs:[00000030h]4_2_01A0CDB1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeCode function: 4_2_01A0CDB1 mov eax, dword ptr fs:[00000030h]4_2_01A0CDB1
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeProcess created: C:\Users\user\Desktop\wN7EPNiHSM.exe "C:\Users\user\Desktop\wN7EPNiHSM.exe"Jump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Users\user\Desktop\wN7EPNiHSM.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\wN7EPNiHSM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.wN7EPNiHSM.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		11
            Process Injection            		1
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            wN7EPNiHSM.exe84%ReversingLabsWin32.Trojan.Jalapeno
            wN7EPNiHSM.exe100%AviraHEUR/AGEN.1363068
            wN7EPNiHSM.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            s-part-0017.t-0009.t-msedge.net
            		13.107.246.45
            		truefalse
              		high

              World Map of Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1587724
              Start date and time:2025-01-10 17:30:58 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 3s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:8
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:wN7EPNiHSM.exe
              renamed because original name is a hash value
              Original Sample Name:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00.exe
              Detection:MAL
              Classification:mal80.troj.evad.winEXE@3/1@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 94%
              • Number of executed functions: 27
              • Number of non-executed functions: 263
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 184.28.90.27, 20.109.210.53
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • VT rate limit hit for: wN7EPNiHSM.exe

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              s-part-0017.t-0009.t-msedge.net334130052300215064.jsGet hashmaliciousStrela DownloaderBrowse
              • 13.107.246.45
              http://infarmbureau.comGet hashmaliciousUnknownBrowse
              • 13.107.246.45
              489131343024428850.jsGet hashmaliciousStrela DownloaderBrowse
              • 13.107.246.45
              zAK7HHniGW.exeGet hashmaliciousSnake KeyloggerBrowse
              • 13.107.246.45
              8nkdC8daWi.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
              • 13.107.246.45
              lExtvSjBgq.exeGet hashmaliciousFormBookBrowse
              • 13.107.246.45
              Axvn7Hegxc.exeGet hashmaliciousUnknownBrowse
              • 13.107.246.45
              tx4pkcHL9o.exeGet hashmaliciousMassLogger RATBrowse
              • 13.107.246.45
              raq4ttncJF.exeGet hashmaliciousFormBookBrowse
              • 13.107.246.45
              WF2DL1l7E8.exeGet hashmaliciousFormBookBrowse
              • 13.107.246.45

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wN7EPNiHSM.exe.log

              Download File
              Process:C:\Users\user\Desktop\wN7EPNiHSM.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.5504484053447385
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:wN7EPNiHSM.exe
              File size:861'696 bytes
              MD5:4e8944d70c0b6ade6eafea2d95434873
              SHA1:97b3b6c541a8685a3d4df1f2e7462eb6be42b0b2
              SHA256:fcebb7294aba738107afce200d17aa674b8bfe835351750ca6ad01ba55174f00
              SHA512:8304633df914456f308004d7e45ed311528b06b7e685a331cb8a5ab7340bf744141473b6f463b3404e77510ccef8fc970080c07310fabb22e9cc9f1925b543a3
              SSDEEP:12288:QDkX1pKPhri+0uT6xakSev7R6fdT1P2RJNK8azs1EEUwhHmXVQv81:QAXaU+58SevUZ92oN2EjIGFQv81
              TLSH:DD0501B855B9C01EC4696B7586F2F2B912246FDD6B01E3CF5BC97EEBB823A0548443C1
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....hg..............0..............:... ...@....@.. ....................................@................................

              File Icon

              Icon Hash:90cececece8e8eb0

              Static PE Info

              General

              Entrypoint:0x4d3aee
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x6768B014 [Mon Dec 23 00:34:28 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add dword ptr [eax], eax
              add byte ptr [eax], al
              add al, byte ptr [eax]
              add byte ptr [eax], al
              add al, 00h
              add byte ptr [eax], al
              or byte ptr [eax], al
              add byte ptr [eax], al
              adc byte ptr [eax], al
              add byte ptr [eax], al
              and byte ptr [eax], al
              add byte ptr [eax], al
              inc eax
              add byte ptr [eax], al
              add byte ptr [eax+00000000h], al
              add dword ptr [eax], eax
              add byte ptr [eax], al
              add al, byte ptr [eax]
              add byte ptr [eax], al
              add al, 00h
              add byte ptr [eax], al
              or byte ptr [eax], al
              add byte ptr [eax], al
              adc byte ptr [eax], al
              add byte ptr [eax], al
              and byte ptr [eax], al
              add byte ptr [eax], al
              inc eax
              add byte ptr [eax], al
              add byte ptr [eax+00530000h], al
              jns 00007F87147EB062h
              jnc 00007F87147EB062h
              je 00007F87147EB062h
              add byte ptr [ebp+00h], ch
              add byte ptr [edx+00h], dl
              add byte ptr [esi+00h], ah
              insb
              add byte ptr [ebp+00h], ah
              arpl word ptr [eax], ax
              je 00007F87147EB062h
              imul eax, dword ptr [eax], 006E006Fh
              add byte ptr [ecx+00h], al
              jnc 00007F87147EB062h
              jnc 00007F87147EB062h
              add byte ptr [ebp+00h], ch
              bound eax, dword ptr [eax]
              insb
              add byte ptr [ecx+00h], bh
              add byte ptr [eax], al
              add byte ptr [eax], al
              dec esp
              add byte ptr [edi+00h], ch
              popad
              add byte ptr [eax+eax+00h], ah
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0xd3a9c0x4f.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x59c.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0xd60000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000xd1b740xd1c00b0cec5f2b39e3baee8675b46efc92d4dFalse0.8182383231525626data7.555536758399242IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0xd40000x59c0x6003157639e86f1fcc9ef115b4fbdbebbf4False0.4153645833333333data4.09928229529802IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc0xd60000xc0x2006dc8ce20d2e41fecd48b24f259e4e5b0False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_VERSION0xd40900x30cdata0.42435897435897435
              RT_MANIFEST0xd43ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

              Imports

              DLLImport
              mscoree.dll_CorExeMain

              Network Behavior

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Jan 10, 2025 17:31:52.628927946 CET1.1.1.1192.168.2.100xe682No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
              Jan 10, 2025 17:31:52.628927946 CET1.1.1.1192.168.2.100xe682No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:11:31:56
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\wN7EPNiHSM.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\wN7EPNiHSM.exe"
              Imagebase:0x930000
              File size:861'696 bytes
              MD5 hash:4E8944D70C0B6ADE6EAFEA2D95434873
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:4
              Start time:11:32:11
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\wN7EPNiHSM.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\wN7EPNiHSM.exe"
              Imagebase:0xe70000
              File size:861'696 bytes
              MD5 hash:4E8944D70C0B6ADE6EAFEA2D95434873
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2303020793.0000000001400000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:4.6%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:46
                Total number of Limit Nodes:7
                execution_graph 28823 2b0ecd8 28827 2b0edd0 28823->28827 28837 2b0edc3 28823->28837 28824 2b0ece7 28828 2b0ede1 28827->28828 28832 2b0ee04 28827->28832 28847 2b0e794 28828->28847 28831 2b0edfc 28831->28832 28833 2b0f008 GetModuleHandleW 28831->28833 28832->28824 28834 2b0f035 28833->28834 28834->28824 28838 2b0ede1 28837->28838 28841 2b0ee04 28837->28841 28839 2b0e794 GetModuleHandleW 28838->28839 28840 2b0edec 28839->28840 28840->28841 28845 2b0f068 GetModuleHandleW 28840->28845 28846 2b0f058 GetModuleHandleW 28840->28846 28841->28824 28842 2b0edfc 28842->28841 28843 2b0f008 GetModuleHandleW 28842->28843 28844 2b0f035 28843->28844 28844->28824 28845->28842 28846->28842 28848 2b0efc0 GetModuleHandleW 28847->28848 28850 2b0edec 28848->28850 28850->28832 28851 2b0f068 28850->28851 28854 2b0f058 28850->28854 28852 2b0e794 GetModuleHandleW 28851->28852 28853 2b0f07c 28852->28853 28853->28831 28855 2b0f068 28854->28855 28856 2b0e794 GetModuleHandleW 28855->28856 28857 2b0f07c 28856->28857 28857->28831 28858 57971e1 28859 57971e4 CloseHandle 28858->28859 28861 579724f 28859->28861 28862 2b04668 28863 2b0467a 28862->28863 28864 2b04686 28863->28864 28866 2b04779 28863->28866 28867 2b0479d 28866->28867 28871 2b04888 28867->28871 28875 2b04879 28867->28875 28872 2b048af 28871->28872 28873 2b0498c 28872->28873 28879 2b044c4 28872->28879 28876 2b04888 28875->28876 28877 2b0498c 28876->28877 28878 2b044c4 CreateActCtxA 28876->28878 28878->28877 28880 2b05918 CreateActCtxA 28879->28880 28882 2b059cf 28880->28882

                Executed Functions

                Function 02B0EDD0 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1480 2b0edd0-2b0eddf 1481 2b0ede1-2b0edee call 2b0e794 1480->1481 1482 2b0ee0b-2b0ee0f 1480->1482 1488 2b0edf0 1481->1488 1489 2b0ee04 1481->1489 1484 2b0ee11-2b0ee1b 1482->1484 1485 2b0ee23-2b0ee64 1482->1485 1484->1485 1491 2b0ee71-2b0ee7f 1485->1491 1492 2b0ee66-2b0ee6e 1485->1492 1535 2b0edf6 call 2b0f068 1488->1535 1536 2b0edf6 call 2b0f058 1488->1536 1489->1482 1493 2b0ee81-2b0ee86 1491->1493 1494 2b0eea3-2b0eea5 1491->1494 1492->1491 1496 2b0ee91 1493->1496 1497 2b0ee88-2b0ee8f call 2b0e7a0 1493->1497 1499 2b0eea8-2b0eeaf 1494->1499 1495 2b0edfc-2b0edfe 1495->1489 1498 2b0ef40-2b0f000 1495->1498 1501 2b0ee93-2b0eea1 1496->1501 1497->1501 1530 2b0f002-2b0f005 1498->1530 1531 2b0f008-2b0f033 GetModuleHandleW 1498->1531 1502 2b0eeb1-2b0eeb9 1499->1502 1503 2b0eebc-2b0eec3 1499->1503 1501->1499 1502->1503 1506 2b0eed0-2b0eed9 call 2b0e7b0 1503->1506 1507 2b0eec5-2b0eecd 1503->1507 1511 2b0eee6-2b0eeeb 1506->1511 1512 2b0eedb-2b0eee3 1506->1512 1507->1506 1513 2b0ef09-2b0ef16 1511->1513 1514 2b0eeed-2b0eef4 1511->1514 1512->1511 1521 2b0ef18-2b0ef36 1513->1521 1522 2b0ef39-2b0ef3f 1513->1522 1514->1513 1516 2b0eef6-2b0ef06 call 2b0e7c0 call 2b0e7d0 1514->1516 1516->1513 1521->1522 1530->1531 1532 2b0f035-2b0f03b 1531->1532 1533 2b0f03c-2b0f050 1531->1533 1532->1533 1535->1495 1536->1495
                Memory Dump Source
                • Source File: 00000000.00000002.1502210165.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2b00000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: d290d35df5dca1a2bd7afecefde5194b0828c85826fd1bbedcb222b7421023c3
                • Instruction ID: afbaeee3d2c4bfaa8bca3c67dee89ea8ec8af210ba82f07bb528a00f89216fcb
                • Opcode Fuzzy Hash: d290d35df5dca1a2bd7afecefde5194b0828c85826fd1bbedcb222b7421023c3
                • Instruction Fuzzy Hash: E5714570A00B058FEB65DF29D08575ABBF2FF88204F10896ED48AD7A80DB74E845CF91
                Function 02B044C4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1537 2b044c4-2b059d9 CreateActCtxA 1540 2b059e2-2b05a3c 1537->1540 1541 2b059db-2b059e1 1537->1541 1548 2b05a4b-2b05a4f 1540->1548 1549 2b05a3e-2b05a41 1540->1549 1541->1540 1550 2b05a60-2b05a90 1548->1550 1551 2b05a51-2b05a5d 1548->1551 1549->1548 1555 2b05a42-2b05a4a 1550->1555 1556 2b05a92-2b05b14 1550->1556 1551->1550 1555->1548 1559 2b059cf-2b059d9 1555->1559 1559->1540 1559->1541
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 02B059C9
                Memory Dump Source
                • Source File: 00000000.00000002.1502210165.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2b00000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 9770d99b735d4ea14537e5172bc9dcd33bc125af54739f26560f05072bec4bd3
                • Instruction ID: cb4af98b3a0774d81789e8bf85cff93cade103fff8ef230dd185eadb7c951da3
                • Opcode Fuzzy Hash: 9770d99b735d4ea14537e5172bc9dcd33bc125af54739f26560f05072bec4bd3
                • Instruction Fuzzy Hash: 9641F271C0071DCBEB24CFAAC884B9DBBB5BF49304F60806AD409AB255DBB16945CF90
                Function 02B0590C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1560 2b0590c-2b05912 1561 2b05918-2b059d9 CreateActCtxA 1560->1561 1563 2b059e2-2b05a3c 1561->1563 1564 2b059db-2b059e1 1561->1564 1571 2b05a4b-2b05a4f 1563->1571 1572 2b05a3e-2b05a41 1563->1572 1564->1563 1573 2b05a60-2b05a90 1571->1573 1574 2b05a51-2b05a5d 1571->1574 1572->1571 1578 2b05a42-2b05a4a 1573->1578 1579 2b05a92-2b05b14 1573->1579 1574->1573 1578->1571 1582 2b059cf-2b059d9 1578->1582 1582->1563 1582->1564
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 02B059C9
                Memory Dump Source
                • Source File: 00000000.00000002.1502210165.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2b00000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 2e1a727102495b8e2e4d4ea7ef6eb991e75d92fb04cdc88b03aa631b4fe3cc6b
                • Instruction ID: a65a9e938b41f78bbbd2729359ace5992b0c0a2c3469cfbff89a5ee84842a70f
                • Opcode Fuzzy Hash: 2e1a727102495b8e2e4d4ea7ef6eb991e75d92fb04cdc88b03aa631b4fe3cc6b
                • Instruction Fuzzy Hash: B141D371C00719DFEB24CFA9C884B9DBBB5BF49304F60805AD409AB255DBB56985CF50
                Function 02B0E794 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1583 2b0e794-2b0f000 1585 2b0f002-2b0f005 1583->1585 1586 2b0f008-2b0f033 GetModuleHandleW 1583->1586 1585->1586 1587 2b0f035-2b0f03b 1586->1587 1588 2b0f03c-2b0f050 1586->1588 1587->1588
                APIs
                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,02B0EDEC), ref: 02B0F026
                Memory Dump Source
                • Source File: 00000000.00000002.1502210165.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2b00000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: c78a7a6c46af161cf0207fa815b4c1ac573961e47cef7f3d2659b1f1196892ca
                • Instruction ID: cc54fc34f9231daba6382eabc93fb8a7be757fe592edba108ac0d77d051d6092
                • Opcode Fuzzy Hash: c78a7a6c46af161cf0207fa815b4c1ac573961e47cef7f3d2659b1f1196892ca
                • Instruction Fuzzy Hash: DE1132B6D003498FDB24CF9AD484BEEFBF4EB88214F10846AD819B7640D375A545CFA4
                Function 057968D8 Relevance: 1.3, APIs: 1, Instructions: 56COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1632 57968d8-57968e2 1634 57968e9-579724d CloseHandle 1632->1634 1635 57968e4 1632->1635 1639 579724f-5797255 1634->1639 1640 5797256-579727e 1634->1640 1635->1634 1639->1640
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,05797099,?,?), ref: 05797240
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: 40cf6a0e0ba9c476570aa8af4998d489a70427723e32f519d05cba85be594814
                • Instruction ID: fc9a90bd62bb19b1ffb7a00526e70e903e744cfcac7b6468262621c1a73aefcb
                • Opcode Fuzzy Hash: 40cf6a0e0ba9c476570aa8af4998d489a70427723e32f519d05cba85be594814
                • Instruction Fuzzy Hash: 191179B68143498FDB14DF9AD445BEEBBF4EF49320F10841AE955A7240C378A944CFA5
                Function 057971E1 Relevance: 1.3, APIs: 1, Instructions: 52COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1643 57971e1-57971e2 1644 57971e9-57971ec 1643->1644 1645 57971e4-57971e6 1643->1645 1647 57971ed-579724d CloseHandle 1644->1647 1646 57971e8 1645->1646 1645->1647 1646->1644 1648 579724f-5797255 1647->1648 1649 5797256-579727e 1647->1649 1648->1649
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,05797099,?,?), ref: 05797240
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: 3c93c29f5174580b0de39b138d76b5604af9b541312300fcd39d214f3ff612bb
                • Instruction ID: 0d3ae3009811be3e57a82e1b825e24a7be714c3bdc28dd750c077e7eb9eac447
                • Opcode Fuzzy Hash: 3c93c29f5174580b0de39b138d76b5604af9b541312300fcd39d214f3ff612bb
                • Instruction Fuzzy Hash: EA1146B18103498FDB28CF9AD445BDEFBF4EB48220F108419E959A7240C338A544CFA5
                Function 057968E4 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                Download Yara Rule
                APIs
                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,05797099,?,?), ref: 05797240
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: cd972997353e6d6190c20b81f4c919e58d1cef1d5e9a92beb5b7bb1afe06e078
                • Instruction ID: f2ce6e8339ead0b56cd72d257b8f7656f370b760c0b03fd46fa2e54d89d4dcfc
                • Opcode Fuzzy Hash: cd972997353e6d6190c20b81f4c919e58d1cef1d5e9a92beb5b7bb1afe06e078
                • Instruction Fuzzy Hash: F91128B68103498FDB24DF9AD445BDEBBF4EF48320F10842AE959A7240D378A944CFA5
                Function 02AAD4C4 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f6c3c70e25be060ad73fafbb2ecf761e42c97e31b4230eaa54553402d86e9f04
                • Instruction ID: 9145d2a5d2dfe83d5430ac562ad156a0d3c99d933db72a5756b6868e4ead4843
                • Opcode Fuzzy Hash: f6c3c70e25be060ad73fafbb2ecf761e42c97e31b4230eaa54553402d86e9f04
                • Instruction Fuzzy Hash: A12145B2500641DFDB05DF10C9C0B26BF61FF88318F24C56DE88A0BA56C736D446CBA2
                Function 02AAD3D8 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42207a5331f66c761fe4d169bb60607ec25993156ebe4848884b0db7d2aa83b6
                • Instruction ID: bf8a1f93c088c3fdc806bf91e3c3cdd0985fd631770acb4c73b2415d19166b5b
                • Opcode Fuzzy Hash: 42207a5331f66c761fe4d169bb60607ec25993156ebe4848884b0db7d2aa83b6
                • Instruction Fuzzy Hash: 302125B6504704DFEB09DF10D9C0B26BB65FF88324F24C169E94A0F656C73AE456CAA2
                Function 02ABD01C Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501997200.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2abd000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6de6189a017f10354678901628f8c90978be12f75d3ab0da0e02492e64adffc9
                • Instruction ID: 92a8a0ac8c1c9d4c5f290b06ac25b530244b04d7073c5e4ebf7973af9179daff
                • Opcode Fuzzy Hash: 6de6189a017f10354678901628f8c90978be12f75d3ab0da0e02492e64adffc9
                • Instruction Fuzzy Hash: 35210075604640DFDB16DF14D8C0B66BBA9FF88214F24C569D80B0B247CB3AD847CA62
                Function 02ABD1D4 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501997200.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2abd000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e5b4ec631e1338c16a073dd6295d5f3120259cb682ec23acaea2bbfdab93433f
                • Instruction ID: 118d50a6c3da9b62c059988e2e4bb85b85c10fc57490cd63eb110085b0a26bba
                • Opcode Fuzzy Hash: e5b4ec631e1338c16a073dd6295d5f3120259cb682ec23acaea2bbfdab93433f
                • Instruction Fuzzy Hash: C621F2B5904684EFDB06DF10D9C0B66FBA9FF88314F24C56DE80A4B257CB36D846CA61
                Function 02ABD007 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501997200.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2abd000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62b2db8d861d17f248c0c910025219133ad209ac1ec539d2f6680bfd7df97f73
                • Instruction ID: 98d0c4e2c0440aa0343485c780d2b183bad7e5f83c0f503ffe7b668ca69412be
                • Opcode Fuzzy Hash: 62b2db8d861d17f248c0c910025219133ad209ac1ec539d2f6680bfd7df97f73
                • Instruction Fuzzy Hash: A3217C755097808FCB13CF20D9D0755BF71EF46214F28C5EAD8898B6A7C33A980ACB62
                Function 02AAD4BF Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                • Instruction ID: 5e1a7a46a62e16179f6270ec702aed0f5a556cf097d9f132be15ee8a2eae1ff7
                • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                • Instruction Fuzzy Hash: 6611D376504680CFCB16CF10D5C4B16BF71FF84318F28C6A9D8490B656C33AD556CBA1
                Function 02AAD3D3 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                • Instruction ID: 06f7f74592f7016859bba4e401e0a9dc2e7bde4526be9915b380494640555d8c
                • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                • Instruction Fuzzy Hash: 2311D376504640DFDB16CF10D5C4B16BF71FF84324F24C6A9D8490B656C33AE456CBA1
                Function 02ABD1CF Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501997200.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2abd000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                • Instruction ID: 0e716fc5ab64c3bfba324c46b91df07618c8c3d700a60dfbbd619afa970ee8fd
                • Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                • Instruction Fuzzy Hash: 79117975904680DFDB16CF10D5C4B55FFA1FF84214F28C6AAD8494B696C33AD84ACB61
                Function 02AAD745 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ed0123e64ebf3fed33ca55e664d7340b54b725222fad92319d59d40519ec940
                • Instruction ID: 9b320611748627347499544c388e7b78520c55f6fc4710182c82fe022ce5368b
                • Opcode Fuzzy Hash: 8ed0123e64ebf3fed33ca55e664d7340b54b725222fad92319d59d40519ec940
                • Instruction Fuzzy Hash: F4012B71404B40DFE7244F11CDD4B66FBA8DF42224F18C51AED4A0F682DB799440CA71
                Function 02AAD744 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1501931182.0000000002AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AAD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2aad000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d614810806f9724547eb32139990ac7ecb67c8d34f051620bbc989fe7d9afeb3
                • Instruction ID: fa475cb8e70eaaf183312a772a05b60af7853beefa18c3535db3a430dbde6ab2
                • Opcode Fuzzy Hash: d614810806f9724547eb32139990ac7ecb67c8d34f051620bbc989fe7d9afeb3
                • Instruction Fuzzy Hash: 84F0C2714047449EE7248F15D8C4B62FB98EF41234F18C45AED490F696C7799840CAB1

                Non-executed Functions

                Function 05791DE8 Relevance: 6.9, Strings: 5, Instructions: 624COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Hq$Hq$Hq$Hq$Hq
                • API String ID: 0-3799487529
                • Opcode ID: 5e9a29bcb4119e839bbab388ed7991997e19ae11bf241415b0911dfbf6822cb5
                • Instruction ID: 8b91b86478ff932004e3df2f1513a756d590261d9454cb446cf84d9c7148342c
                • Opcode Fuzzy Hash: 5e9a29bcb4119e839bbab388ed7991997e19ae11bf241415b0911dfbf6822cb5
                • Instruction Fuzzy Hash: 86326D70E002188FDF59DFA8D8547AEBBB3BF85300F1485A9D409AB294DB349D46DFA1
                Function 05790C10 Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: a818a401c56aece156191ce0f3100036bec47a94d3f901d4223faa4da085bcff
                • Instruction ID: ea3f3a4ecc00cb85c7ddb5dbd6c566123a190c552568b2bad48384bef58d3b6b
                • Opcode Fuzzy Hash: a818a401c56aece156191ce0f3100036bec47a94d3f901d4223faa4da085bcff
                • Instruction Fuzzy Hash: F1029171B102189FDF18DF69D488BAEBBF2FF89310F5484A9D419AB351DB349841CBA1
                Function 05794948 Relevance: .3, Instructions: 279COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1520063632.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0df68f9ab0d6c3b95680c52ecbc580303a64336765edb2607503dec0fc8d310
                • Instruction ID: d39bca5c012d0a05c1caed99f2a04585863e4cb1574b74e17a648df4d588347c
                • Opcode Fuzzy Hash: b0df68f9ab0d6c3b95680c52ecbc580303a64336765edb2607503dec0fc8d310
                • Instruction Fuzzy Hash: BFC16D71E002199FDF19CF65E884B99BBF2BF84300F04C5A9D409AB255EB309995DF60

                Execution Graph

                Execution Coverage:0.7%
                Dynamic/Decrypted Code Coverage:6.7%
                Signature Coverage:11.4%
                Total number of Nodes:105
                Total number of Limit Nodes:9
                execution_graph 93207 42fb63 93208 42fad3 93207->93208 93209 42fb30 93208->93209 93213 42ea73 93208->93213 93211 42fb0d 93216 42e993 93211->93216 93219 42cc03 93213->93219 93215 42ea8e 93215->93211 93222 42cc53 93216->93222 93218 42e9ac 93218->93209 93220 42cc20 93219->93220 93221 42cc31 RtlAllocateHeap 93220->93221 93221->93215 93223 42cc6d 93222->93223 93224 42cc7e RtlFreeHeap 93223->93224 93224->93218 93225 424f63 93226 424f7c 93225->93226 93227 424fc4 93226->93227 93230 425001 93226->93230 93232 425006 93226->93232 93228 42e993 RtlFreeHeap 93227->93228 93229 424fd1 93228->93229 93231 42e993 RtlFreeHeap 93230->93231 93231->93232 93233 1a12b60 LdrInitializeThunk 93248 424bd3 93249 424bef 93248->93249 93250 424c17 93249->93250 93251 424c2b 93249->93251 93252 42c8e3 NtClose 93250->93252 93258 42c8e3 93251->93258 93254 424c20 93252->93254 93255 424c34 93261 42eab3 RtlAllocateHeap 93255->93261 93257 424c3f 93259 42c900 93258->93259 93260 42c911 NtClose 93259->93260 93260->93255 93261->93257 93262 42bef3 93263 42bf10 93262->93263 93266 1a12df0 LdrInitializeThunk 93263->93266 93264 42bf38 93266->93264 93267 42fa33 93268 42fa43 93267->93268 93269 42fa49 93267->93269 93270 42ea73 RtlAllocateHeap 93269->93270 93271 42fa6f 93270->93271 93234 413e43 93238 413e63 93234->93238 93236 413ecc 93237 413ec2 93238->93236 93239 41b583 RtlFreeHeap LdrInitializeThunk 93238->93239 93239->93237 93240 413c63 93243 42cb73 93240->93243 93244 42cb8d 93243->93244 93247 1a12c70 LdrInitializeThunk 93244->93247 93245 413c85 93247->93245 93272 417973 93274 417997 93272->93274 93273 41799e 93274->93273 93275 4179d3 LdrLoadDll 93274->93275 93276 4179ea 93274->93276 93275->93276 93277 4019d3 93278 401955 93277->93278 93278->93277 93281 42ff03 93278->93281 93284 42e543 93281->93284 93285 42e569 93284->93285 93294 407333 93285->93294 93287 42e57f 93293 401aba 93287->93293 93297 41b273 93287->93297 93289 42e59e 93290 42cca3 ExitProcess 93289->93290 93291 42e5b3 93289->93291 93290->93291 93308 42cca3 93291->93308 93296 407340 93294->93296 93311 416623 93294->93311 93296->93287 93298 41b29f 93297->93298 93329 41b163 93298->93329 93301 41b2e4 93303 41b300 93301->93303 93306 42c8e3 NtClose 93301->93306 93302 41b2cc 93304 41b2d7 93302->93304 93305 42c8e3 NtClose 93302->93305 93303->93289 93304->93289 93305->93304 93307 41b2f6 93306->93307 93307->93289 93309 42ccc0 93308->93309 93310 42ccd1 ExitProcess 93309->93310 93310->93293 93312 416640 93311->93312 93314 416659 93312->93314 93315 42d343 93312->93315 93314->93296 93317 42d35d 93315->93317 93316 42d38c 93316->93314 93317->93316 93322 42bf43 93317->93322 93320 42e993 RtlFreeHeap 93321 42d402 93320->93321 93321->93314 93323 42bf60 93322->93323 93326 1a12c0a 93323->93326 93324 42bf8c 93324->93320 93327 1a12c1f LdrInitializeThunk 93326->93327 93328 1a12c11 93326->93328 93327->93324 93328->93324 93330 41b17d 93329->93330 93334 41b259 93329->93334 93335 42bfe3 93330->93335 93333 42c8e3 NtClose 93333->93334 93334->93301 93334->93302 93336 42c000 93335->93336 93339 1a135c0 LdrInitializeThunk 93336->93339 93337 41b24d 93337->93333 93339->93337

                Executed Functions

                Function 00417973 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179E5
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                • Instruction ID: 323f89a42f38ea3497f3970b352b260b71411728b8fd7408dcac9773fc2b6fba
                • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                • Instruction Fuzzy Hash: 45015EB1E4020DBBDF10DAA5DC42FDEB7789B54308F4041AAE90897241F635EB588B95
                Function 0042C8E3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 25 42c8e3-42c91f call 4046e3 call 42db23 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C91A
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 1d10642a27bc0e5df660e21782aed2f5f7ca33b2a92859ff1fb4c9ff2df5d239
                • Instruction ID: f4ea3f721504e19aaa1cfae9f58be35606ded5cddfc2611419a9eff57343eac7
                • Opcode Fuzzy Hash: 1d10642a27bc0e5df660e21782aed2f5f7ca33b2a92859ff1fb4c9ff2df5d239
                • Instruction Fuzzy Hash: 58E04F362006147BD220AA5ADC01FEB776CDFC5714F00442AFA086B241CA75790087F4
                Function 01A12B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 39 1a12b60-1a12b6c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: e02770239fbc6f7bb17d62ecb8f8cbb96d3dc8c0989beec08276896d82ed9807
                • Instruction ID: 0109cd53e9de6771bef5c283d7ca1cadf80ea2ed99d54f5f8d2fffd3b84c69fe
                • Opcode Fuzzy Hash: e02770239fbc6f7bb17d62ecb8f8cbb96d3dc8c0989beec08276896d82ed9807
                • Instruction Fuzzy Hash: 5B900261202410034105715C4415616404A97E0201F56C021F1014590DC92989916225
                Function 01A12DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 41 1a12df0-1a12dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: a407199653be257ee5a08ab953c8aad3dfbc037d1e553fa33781490fe1e1ede4
                • Instruction ID: 2d38dc8207e6b41cf4f8522b6d2e72df2cc97a1b7e354c1df3f26eb9e6ec7747
                • Opcode Fuzzy Hash: a407199653be257ee5a08ab953c8aad3dfbc037d1e553fa33781490fe1e1ede4
                • Instruction Fuzzy Hash: 2A90023120141413D111715C4505707004997D0241F96C412F0424558DDA5A8A52A221
                Function 01A12C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 40 1a12c70-1a12c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 4cc1cd299a201ad809ef8f0ba2df61a53a845c1e909905f17a8b383f3ede7c3b
                • Instruction ID: 93c8dca32789ed31492bb142e21830eddf2ccb9c26cb190f3a2a3bb4a3a8e498
                • Opcode Fuzzy Hash: 4cc1cd299a201ad809ef8f0ba2df61a53a845c1e909905f17a8b383f3ede7c3b
                • Instruction Fuzzy Hash: BA90023120149802D110715C840574A004597D0301F5AC411F4424658DCA9989917221
                Function 01A135C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 42 1a135c0-1a135cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 491d9afaab9f4cb1955feae5c3ebe09715acd5efa1b0ec33ac11bf5863098310
                • Instruction ID: 605cb9c439b6ddf85528ce1642a0d9e8fe8eda644945c502a2e96e8e42dbbb74
                • Opcode Fuzzy Hash: 491d9afaab9f4cb1955feae5c3ebe09715acd5efa1b0ec33ac11bf5863098310
                • Instruction Fuzzy Hash: D490023160551402D100715C4515706104597D0201F66C411F0424568DCB998A5166A2
                Function 0042CC53 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 20 42cc53-42cc94 call 4046e3 call 42db23 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,DC6F212F,00000007,00000000,00000004,00000000,004171E2,000000F4), ref: 0042CC8F
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 557dd09d46155c8d065a74e52eabe62f6234a348c59970a36251551f2b987aa6
                • Instruction ID: 30aef10183c22a1a62fbcf210e3d78793f30011ff7b7d1cb521fc0f0deeee649
                • Opcode Fuzzy Hash: 557dd09d46155c8d065a74e52eabe62f6234a348c59970a36251551f2b987aa6
                • Instruction Fuzzy Hash: EEE06D762006147BC610EE99EC45FDB77ACEFC9711F004419FA08A7241D670B9108BB8
                Function 0042CC03 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 15 42cc03-42cc47 call 4046e3 call 42db23 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E734,?,?,00000000,?,0041E734,?,?,?), ref: 0042CC42
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 84f08f4a2066c6d9ed02fbe2f8cb8e7e803df185f40cb42189c945346acc7129
                • Instruction ID: 9da0e5a159acf8ebbc4f67d848927f48e29f48abd992e1debcfc74d30967a2d3
                • Opcode Fuzzy Hash: 84f08f4a2066c6d9ed02fbe2f8cb8e7e803df185f40cb42189c945346acc7129
                • Instruction Fuzzy Hash: FCE06D762002087BC610EE5AEC45FEB37ACEFC5714F004419FA08A7242DA75B91087B8
                Function 0042CCA3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 30 42cca3-42ccdf call 4046e3 call 42db23 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 4e8808e30961d7915e61193a2ade2d1b0d33f20890588d16b0477d568bc97693
                • Instruction ID: 5e92d34dfac606af6914a61a49fda8cfab44f77039f2e86b1d2894ec50ce31b5
                • Opcode Fuzzy Hash: 4e8808e30961d7915e61193a2ade2d1b0d33f20890588d16b0477d568bc97693
                • Instruction Fuzzy Hash: CFE086362402147BD520EA5ADC41FDB776CDFC5714F408419FA0867241CA75B91187F5
                Function 01A12C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 35 1a12c0a-1a12c0f 36 1a12c11-1a12c18 35->36 37 1a12c1f-1a12c26 LdrInitializeThunk 35->37
                APIs
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 071d166936be4f2bfce8a81c0919d83d111ec9b3aa0ba7d54bd286126126daba
                • Instruction ID: 50cc7fdd4b06dbc1ff1537f9ccf35833aa4eb420b04a32fdaeefe9ed5e38f955
                • Opcode Fuzzy Hash: 071d166936be4f2bfce8a81c0919d83d111ec9b3aa0ba7d54bd286126126daba
                • Instruction Fuzzy Hash: AEB09B719015D5C6DA11E7644609717794077D0701F26C072E3030641F473CC5D1E275

                Non-executed Functions

                Function 01A52349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: d8beb26c768c8ac0048f57db38556d952756448eb90ed5807941de20b8d6cd17
                • Instruction ID: 8dee8684c69aed758072463711b76814666b2d649ab3ffea75370ba881e03f51
                • Opcode Fuzzy Hash: d8beb26c768c8ac0048f57db38556d952756448eb90ed5807941de20b8d6cd17
                • Instruction Fuzzy Hash: 9C925971608342EBE761DF29C880B6BBBE8BF84754F04492EFA95D7251D770E844CB92
                Function 01A08620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                Download Yara Rule
                Strings
                • undeleted critical section in freed memory, xrefs: 01A4542B
                • Thread is in a state in which it cannot own a critical section, xrefs: 01A45543
                • Invalid debug info address of this critical section, xrefs: 01A454B6
                • Critical section debug info address, xrefs: 01A4541F, 01A4552E
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A454CE
                • Critical section address, xrefs: 01A45425, 01A454BC, 01A45534
                • corrupted critical section, xrefs: 01A454C2
                • Address of the debug info found in the active list., xrefs: 01A454AE, 01A454FA
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A454E2
                • Critical section address., xrefs: 01A45502
                • double initialized or corrupted critical section, xrefs: 01A45508
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A4540A, 01A45496, 01A45519
                • Thread identifier, xrefs: 01A4553A
                • 8, xrefs: 01A452E3
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: ecaabe5b60de92aa819e75cbffcfd0f986b1c6e39f02b17e32f44a2c584af631
                • Instruction ID: 3cf46507af150452d4eb05f4a92b56837c21ac4b2657287a684a316edded8500
                • Opcode Fuzzy Hash: ecaabe5b60de92aa819e75cbffcfd0f986b1c6e39f02b17e32f44a2c584af631
                • Instruction Fuzzy Hash: 948190B1E41348EFDB20CF99C985BAEBBB9BB88B14F244119F509B7280D375A941CB50
                Function 01A029F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                Download Yara Rule
                Strings
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01A42624
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01A425EB
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01A42409
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01A42602
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01A422E4
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01A42506
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01A424C0
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01A42498
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01A42412
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 01A4261F
                • @, xrefs: 01A4259B
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: b3664140be7aad7b8a2b8a7d4213f599fb6322aa78bf8e7a36f1969b135882c9
                • Instruction ID: 8f52da6abc28dd7c059537f3c90e6b571761d13930fd9e859483bc2e3264e46c
                • Opcode Fuzzy Hash: b3664140be7aad7b8a2b8a7d4213f599fb6322aa78bf8e7a36f1969b135882c9
                • Instruction Fuzzy Hash: 110251F1D002299BDB31DB54DD84BE9B7B8AF94704F0441EAE60DA7281DB70AE84CF59
                Function 01A78B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                • Opcode ID: bc6f0a6abf60b7c4fb24c01d09977ec1b87e4538ac5faa5e2730ae8707c818bf
                • Instruction ID: 8717eb50faffba8778b03a482ca60ec30bcc05cb103e581e7faaa962be17d5b0
                • Opcode Fuzzy Hash: bc6f0a6abf60b7c4fb24c01d09977ec1b87e4538ac5faa5e2730ae8707c818bf
                • Instruction Fuzzy Hash: D651BD716043019FD329CF588D89BABBBECFF94640F54491DAA99C3241E778D608CBD2
                Function 01A80274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 4b03f4f8436df784bc6f448d1f7439d6f9436834abf0a42821192ca9cee6bbf9
                • Instruction ID: 5e988863c0ea199c66415476446fcef22f371556ef440044035f67cfa2053ded
                • Opcode Fuzzy Hash: 4b03f4f8436df784bc6f448d1f7439d6f9436834abf0a42821192ca9cee6bbf9
                • Instruction Fuzzy Hash: 58D12235600681DFDB26EF68C511AADBBF1FF89714F08805DF48AAB252C734D949CB25
                Function 01A589B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                Download Yara Rule
                Strings
                • VerifierDebug, xrefs: 01A58CA5
                • VerifierFlags, xrefs: 01A58C50
                • AVRF: -*- final list of providers -*- , xrefs: 01A58B8F
                • VerifierDlls, xrefs: 01A58CBD
                • HandleTraces, xrefs: 01A58C8F
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01A58A67
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01A58A3D
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: 8fad858edfea512346484bc1c7bd1fe8311c12abe0061c5bdf636e16d058d6f9
                • Instruction ID: ba9f0d79ffb40c63649aff7258dd4d1625fe3dfe4d619c9436a8074bbd5fff61
                • Opcode Fuzzy Hash: 8fad858edfea512346484bc1c7bd1fe8311c12abe0061c5bdf636e16d058d6f9
                • Instruction Fuzzy Hash: 409123B2A09702EFD762DF2AC980B6B77E9AB94B14F05041CFE496B241D778EC05C791
                Function 019DEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                • Opcode ID: 7a4f4ee729f67654c9b4c54c8485d8e9ba84539f22e627ce631c66779bd2762d
                • Instruction ID: 968a481a96634e1cb5b9dcb825774133842d8a4bf43891430ea9d5fbe2806f00
                • Opcode Fuzzy Hash: 7a4f4ee729f67654c9b4c54c8485d8e9ba84539f22e627ce631c66779bd2762d
                • Instruction Fuzzy Hash: 8EA24E74A056298FDB65CF19CD88BADBBB5BF89304F1482E9E50DA7251DB349E81CF00
                Function 01A063FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: c6b710a8c54a41c46a0380737dd799552ccc60418eb4699091c11d40200360f7
                • Instruction ID: 1689b2d523880a5cc795b0333d97dae1b75922927b9caa9a4a9a039296ad03ea
                • Opcode Fuzzy Hash: c6b710a8c54a41c46a0380737dd799552ccc60418eb4699091c11d40200360f7
                • Instruction Fuzzy Hash: 42914D70F003159FEB36DF58EA84BAA7BB1FF94B18F154129E5086B2C2D775A802C791
                Function 019C645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                Download Yara Rule
                Strings
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01A29A2A
                • apphelp.dll, xrefs: 019C6496
                • minkernel\ntdll\ldrinit.c, xrefs: 01A29A11, 01A29A3A
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01A29A01
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01A299ED
                • LdrpInitShimEngine, xrefs: 01A299F4, 01A29A07, 01A29A30
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: 2f729f4f6922ceb7a81c12092485bb7087a75ebfa177190855ce6e0f9b48c80a
                • Instruction ID: 47f28e9d4464f859a19eabe231900acb9cbdc218f80855b8ce4c9c42165608f9
                • Opcode Fuzzy Hash: 2f729f4f6922ceb7a81c12092485bb7087a75ebfa177190855ce6e0f9b48c80a
                • Instruction Fuzzy Hash: 3251BF716083149FE721DF28D985AAB77E8FFC4B48F14491DF589972A0D630E905CB93
                Function 01A0C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • Loading import redirection DLL: '%wZ', xrefs: 01A48170
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 01A481E5
                • minkernel\ntdll\ldrinit.c, xrefs: 01A0C6C3
                • LdrpInitializeImportRedirection, xrefs: 01A48177, 01A481EB
                • minkernel\ntdll\ldrredirect.c, xrefs: 01A48181, 01A481F5
                • LdrpInitializeProcess, xrefs: 01A0C6C4
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: 92132bdbf6474fcb733faa0039ab56eda0b307146097f3d621354e8f0db6cec5
                • Instruction ID: 99ea1a669e5dd2727031a7572e9d30e92da6e815ef3539bc626aed25b6163d7f
                • Opcode Fuzzy Hash: 92132bdbf6474fcb733faa0039ab56eda0b307146097f3d621354e8f0db6cec5
                • Instruction Fuzzy Hash: 81312771744302AFC224EF68EE46E2A77E4FFD4B20F05055CF9486B295E620EC04C7A2
                Function 01A02674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01A42178
                • RtlGetAssemblyStorageRoot, xrefs: 01A42160, 01A4219A, 01A421BA
                • SXS: %s() passed the empty activation context, xrefs: 01A42165
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01A421BF
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01A4219F
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01A42180
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: b532928f8b6c9329ea22ec0dc9077ff3ce271e60b600d80aa22e6f04f48ad9d4
                • Instruction ID: e3ec48d875530fa7fdcfd4ae9f38f7b4535cd630fe021650975cf5c9b0987e3d
                • Opcode Fuzzy Hash: b532928f8b6c9329ea22ec0dc9077ff3ce271e60b600d80aa22e6f04f48ad9d4
                • Instruction Fuzzy Hash: CE312B76F403157BF7228A9AAD85FAF7B78DBD4B90F05015BBB0877180D2709A00C7A1
                Function 01A1096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 01A12DF0: LdrInitializeThunk.NTDLL ref: 01A12DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A10BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A10BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A10D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A10D74
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                • Opcode ID: 03a2bcb0d8fecec6182a77927949690984b6be6c9cba9fdf85cd310a9207997d
                • Instruction ID: 67362d918a0d9bb40659a7c954f3d9b128f29fe6ea647fbb1b85c6bcfe312b83
                • Opcode Fuzzy Hash: 03a2bcb0d8fecec6182a77927949690984b6be6c9cba9fdf85cd310a9207997d
                • Instruction Fuzzy Hash: FC427C75900705DFDB21CF28C980BAAB7F5BF48314F1485AAE989DB245D770EA85CF60
                Function 019E29A0 Relevance: 6.0, Strings: 4, Instructions: 966COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-3126994380
                • Opcode ID: 7e2f68bee8d21d3809ba5ffd8c45f90b02813ece0adf2b23cf304149d2663a4a
                • Instruction ID: 91fbec3f4d64379778c4f55c82891362d6d9bde0bd8881ba84965cf19ad3554a
                • Opcode Fuzzy Hash: 7e2f68bee8d21d3809ba5ffd8c45f90b02813ece0adf2b23cf304149d2663a4a
                • Instruction Fuzzy Hash: 8292CE71A042499FEB26CF68C448BAEBBF5FF49310F18849DE849AB391D735A941CF50
                Function 019DA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: e8900a0951b2430132872e022b560742d23bdea7eb3a114e7daed52532fd6987
                • Instruction ID: 9f091adef4941438dde8b2b93e8e8cad907a79718e3c7e745e41bf8893375c19
                • Opcode Fuzzy Hash: e8900a0951b2430132872e022b560742d23bdea7eb3a114e7daed52532fd6987
                • Instruction Fuzzy Hash: 4CC19C74208386CFD721CF58C144B6AB7E4FF84704F04896AF999CB291E738CA59CB56
                Function 01A08402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                Download Yara Rule
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 01A08421
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A0855E
                • LdrpInitializeProcess, xrefs: 01A08422
                • @, xrefs: 01A08591
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                • Opcode ID: 09714579953658d79de7e3a25d96fb2f7a5f773de233d711ec45d64bb09cddf8
                • Instruction ID: 39ebb8ffcb003506b1239d3d04da09668e86cdee4aaa71234e934141b0c85d0f
                • Opcode Fuzzy Hash: 09714579953658d79de7e3a25d96fb2f7a5f773de233d711ec45d64bb09cddf8
                • Instruction Fuzzy Hash: E891AF71908345AFD722EF65CD41FABBBE8BF84744F40092EFA8892151E735E904CB66
                Function 01A0273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • .Local, xrefs: 01A028D8
                • SXS: %s() passed the empty activation context, xrefs: 01A421DE
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01A422B6
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01A421D9, 01A422B1
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: b5464db8bd8c3ee2c7567730aecb44a3c5a7154f27abd1c6663b71a37c5f3cc7
                • Instruction ID: cbf30418ce6985b7fa5afc2daeff9631f6db145a1d737e2a1af84a94b0ecf691
                • Opcode Fuzzy Hash: b5464db8bd8c3ee2c7567730aecb44a3c5a7154f27abd1c6663b71a37c5f3cc7
                • Instruction Fuzzy Hash: 4FA19535940329DFDB26CF58E888BA9B7B5BF58354F1541EAE908E7291D7309E80CF90
                Function 01A04AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                Download Yara Rule
                Strings
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01A4342A
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01A43437
                • RtlDeactivateActivationContext, xrefs: 01A43425, 01A43432, 01A43451
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01A43456
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                • Opcode ID: 3dfd4c712f5e280932bff88ad8c08c0786fab043d187f4d7e5085db3f32422be
                • Instruction ID: e5fe8df502f9756a69c825f5bf2475744bd6077ab135eb368248b1f34a1a5009
                • Opcode Fuzzy Hash: 3dfd4c712f5e280932bff88ad8c08c0786fab043d187f4d7e5085db3f32422be
                • Instruction Fuzzy Hash: DA613372600B229FDB23CF1DD981B6AB7E0FFC4B61F198519EA559B281C734E801CB91
                Function 019D64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                Download Yara Rule
                Strings
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01A30FE5
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01A3106B
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01A31028
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01A310AE
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: 75a9f8ecdf2b6b8411cbb525bad3a27bb9c5d8ba18489704d8e9318057621fc4
                • Instruction ID: b0ae80e49dcb077ae6b99223993e49b39852af80830398dc5ef6b29e9eeb4f8c
                • Opcode Fuzzy Hash: 75a9f8ecdf2b6b8411cbb525bad3a27bb9c5d8ba18489704d8e9318057621fc4
                • Instruction Fuzzy Hash: 6471D0B19043059FCB21DF18C984F9B7FA8EF94764F404869F9488B24AD738D588CBD2
                Function 019F245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01A3A992
                • apphelp.dll, xrefs: 019F2462
                • minkernel\ntdll\ldrinit.c, xrefs: 01A3A9A2
                • LdrpDynamicShimModule, xrefs: 01A3A998
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                • Opcode ID: 003a55e251946c481c0ad89a6029488c6741a98d540753bfd7c9bb96239ff416
                • Instruction ID: d7c644ffef57bab0b4eafe9ecb1054b56def7ed1930ad202df60763622b1bb43
                • Opcode Fuzzy Hash: 003a55e251946c481c0ad89a6029488c6741a98d540753bfd7c9bb96239ff416
                • Instruction Fuzzy Hash: C231237AA00211AFDB32DF59D885BAA7BB4FFC4B04F16405DF955E7245C7B09842C780
                Function 019E0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: 8296bc94aaba1fac6062f7181cee2fdc8df0d01cfca2306ebec88156fefb31d7
                • Instruction ID: 71632c38287dc0960266b0d567454de00f05d0d98598c453f35c3af968518049
                • Opcode Fuzzy Hash: 8296bc94aaba1fac6062f7181cee2fdc8df0d01cfca2306ebec88156fefb31d7
                • Instruction Fuzzy Hash: F5F18B30B00606DFEB26CF68C998B6AB7F5FB84304F184569F45A9B381D774E981CB91
                Function 019F6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                • Opcode ID: 0169d97918deb5bd34a976d1ef9c6283c3783cc04d588f4c5c0806b8b143448e
                • Instruction ID: 40f2e6880e8b0bcc64319413fe7684673072fa73ae3eaf39cb767aa5f886ae7f
                • Opcode Fuzzy Hash: 0169d97918deb5bd34a976d1ef9c6283c3783cc04d588f4c5c0806b8b143448e
                • Instruction Fuzzy Hash: D8C28071608341AFE729CF68C841BABBBE5AFC8754F04892EFA89D7241D734D845CB52
                Function 019CA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 1eca5122f1a6265128f033cc166184518c9ebfed0aac72389106c118ee5bfd6d
                • Instruction ID: fb7339188734ce4de3a5ffa89074870f01fa45dc43bdcbb078cb510c35efa158
                • Opcode Fuzzy Hash: 1eca5122f1a6265128f033cc166184518c9ebfed0aac72389106c118ee5bfd6d
                • Instruction Fuzzy Hash: 18A13A759116399BDB219B68CC88BAEB7B8EF44710F1001EAEA0DA7251E7359E84CF50
                Function 019F0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                Download Yara Rule
                Strings
                • LdrpCheckModule, xrefs: 01A3A117
                • minkernel\ntdll\ldrinit.c, xrefs: 01A3A121
                • Failed to allocated memory for shimmed module list, xrefs: 01A3A10F
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                • Opcode ID: a21622f33f1b5ff7c5dd81fb2e46c1e483cd69f210f97f63da3762695757f358
                • Instruction ID: 2db4b9712fe12405517e4029b8fdf16e03f582db46c11065211d0a072538d6fb
                • Opcode Fuzzy Hash: a21622f33f1b5ff7c5dd81fb2e46c1e483cd69f210f97f63da3762695757f358
                • Instruction Fuzzy Hash: 2971DF75E00305AFDB25DF68C981BAEB7F9FB88304F18842DE94AD7256D734A942CB41
                Function 019E0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                • Opcode ID: 93c7ef75053662888884c8e159f29406375a17c59d399a53dea1336eb2ff5011
                • Instruction ID: 3c04b8f73fb2d1fe67463dcbfad6ff3975daa155dc4266ae6558851015a2d25c
                • Opcode Fuzzy Hash: 93c7ef75053662888884c8e159f29406375a17c59d399a53dea1336eb2ff5011
                • Instruction Fuzzy Hash: 7861A071B00305DFDB2ACF28C559B6ABBE5FF84704F188559F4998B292D7B0E881CB91
                Function 01A0C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                Download Yara Rule
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 01A482E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 01A482DE
                • Failed to reallocate the system dirs string !, xrefs: 01A482D7
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                • Opcode ID: 45b1fefe8df0355f95c4c602edba79f285df703e3fd1a1f8034686c6553f7143
                • Instruction ID: 7cee907a1de287f39050c1814bd9e32d74b587959139d6d27580029954d51d25
                • Opcode Fuzzy Hash: 45b1fefe8df0355f95c4c602edba79f285df703e3fd1a1f8034686c6553f7143
                • Instruction Fuzzy Hash: D641F375544301AFD722EB68ED44B5B77E8FF84B64F044A2AF948D3294EB74E801CB91
                Function 01A8C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • @, xrefs: 01A8C1F1
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01A8C1C5
                • PreferredUILanguages, xrefs: 01A8C212
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: e77e5ee7ce97bbb76dc8085442ea2e1e2228c3fdeb95aebc8f486b340c403f41
                • Instruction ID: 01947eea3fab42db0dafe04e6660c6c237c8c33818854c9ddbfbd3fc47ce6287
                • Opcode Fuzzy Hash: e77e5ee7ce97bbb76dc8085442ea2e1e2228c3fdeb95aebc8f486b340c403f41
                • Instruction Fuzzy Hash: 28417671D00219EBDF11FBD8C881FEEB7B8AB54710F14416AE609B7284E7749A44CF60
                Function 01A64144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: 08d17eb6700fe776fa5dfadae13a5a7282b5b2f4b4629b5bb35080cb1adea40f
                • Instruction ID: 81fba93c8bda87f00078864d543bb5ebbf4ca99fc9ab7516eb1d65739c083688
                • Opcode Fuzzy Hash: 08d17eb6700fe776fa5dfadae13a5a7282b5b2f4b4629b5bb35080cb1adea40f
                • Instruction Fuzzy Hash: 5141EF71A04758CBEB26DBE9C944BADBBF8FF99340F28045AD905AB781D7358941CB10
                Function 01A54755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01A54888
                • minkernel\ntdll\ldrredirect.c, xrefs: 01A54899
                • LdrpCheckRedirection, xrefs: 01A5488F
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: cfce4bb5bbae86223a7a2633ec222543e266c3a07c42c9c10240043ea4f79282
                • Instruction ID: 435f84d803d047ae91bb6483336acc41ea0046d2d58609134910095b68d774da
                • Opcode Fuzzy Hash: cfce4bb5bbae86223a7a2633ec222543e266c3a07c42c9c10240043ea4f79282
                • Instruction Fuzzy Hash: 0E41CF32A087519FCBA2CF69D940A667BE4AF8DA50F0A056DED5897311F731E880CB91
                Function 019E0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                • Opcode ID: 877027cd495495d70b926b86b82b4484bd704908c88c805173226bf3458864d3
                • Instruction ID: f7127984684a5277da8bb5938318d16d9d7d59b6a3a307ec0fa7abb8835d6912
                • Opcode Fuzzy Hash: 877027cd495495d70b926b86b82b4484bd704908c88c805173226bf3458864d3
                • Instruction Fuzzy Hash: 8A1190317151429FEF2ECA18C455B65B7E9FF80A16F1D811DF40ACB252D770D845C751
                Function 01A520DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                Strings
                • Process initialization failed with status 0x%08lx, xrefs: 01A520F3
                • minkernel\ntdll\ldrinit.c, xrefs: 01A52104
                • LdrpInitializationFailure, xrefs: 01A520FA
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: be3b5b10019357bfdc5efc3b4002fb7b5945e52f2bfd78768e464eb1da9248e0
                • Instruction ID: 5654b898384dea8a611a41f5271d14ecc472b87d05ee439fdc8146a0f1482166
                • Opcode Fuzzy Hash: be3b5b10019357bfdc5efc3b4002fb7b5945e52f2bfd78768e464eb1da9248e0
                • Instruction Fuzzy Hash: E3F0C279640308BFEB24E74DEE46FDA7B68FB80B54F140069FA046B685D2B0A901CA91
                Function 019E03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: 3c523d8f04028ee3900fa54e171e302929294b42fb39ae9acd65a221b9d3c099
                • Instruction ID: 36f50d349b68ae8e8d5260a2ade80715cfd5c9196f66e2312c7967e367a3e091
                • Opcode Fuzzy Hash: 3c523d8f04028ee3900fa54e171e302929294b42fb39ae9acd65a221b9d3c099
                • Instruction Fuzzy Hash: C2714A71A0014A9FDB02DFA8CA94FAEBBF8FF48744F144065E905E7251EA34EE45CB60
                Function 019DA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                Download Yara Rule
                Strings
                • LdrResSearchResource Enter, xrefs: 019DAA13
                • LdrResSearchResource Exit, xrefs: 019DAA25
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                • Opcode ID: edb7d05037fa03b395c41961cc9f319a6319afda68902eae542fef45bf05c5a8
                • Instruction ID: 67191e90fc6d9fcba1fcd08597282b7d6562756f31ad5fb98bf4e30af2a5cf22
                • Opcode Fuzzy Hash: edb7d05037fa03b395c41961cc9f319a6319afda68902eae542fef45bf05c5a8
                • Instruction Fuzzy Hash: 36E1B171E04209AFEF22CFA9C980BAEBBBABF54310F148526F905E7241D778D951CB51
                Function 01A9A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: 48288706600b1203beac56b3f7e960c94911822a5b449561112a7826247a42b1
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: 9FC1C0312043429BEF25CF28C945B6BBBE5AFC4318F184A2EF696CB291D774D585CB81
                Function 01A4E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: 0aebde58651bf0701f48cbfc48c60eaa0ced6bb242ce58991e8af355efb3cfe9
                • Instruction ID: 632756f598eac052bcb535c36aa881c13eb6c1bdf069b348a3f9e01860ee62e3
                • Opcode Fuzzy Hash: 0aebde58651bf0701f48cbfc48c60eaa0ced6bb242ce58991e8af355efb3cfe9
                • Instruction Fuzzy Hash: 54614B71E003199FEB15DFA9C980BAEBBF5FB88710F14406DE649EB251D735A900CB50
                Function 01A743D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: 85365eb48d13fe908813e0a5327311b818da0a24ce4439a824cf4719c6605e99
                • Instruction ID: 13fac79b82e66ff6acd683cb757fed50fe4f76a8f7b5f38424d253e259c00b68
                • Opcode Fuzzy Hash: 85365eb48d13fe908813e0a5327311b818da0a24ce4439a824cf4719c6605e99
                • Instruction Fuzzy Hash: F8510A71E0021DAFEB11DFA9CD90AEEBBB8EB48754F10452AE615B7290D7309E05CB60
                Function 019D04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                Download Yara Rule
                Strings
                • kLsE, xrefs: 019D0540
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 019D063D
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                • Opcode ID: 56f7f28dca2d8bbd21bdaf56626f21bc4ea9915f628c8092265e7525eccabd36
                • Instruction ID: 14bb35e3ccf6f37f5d192c8348b86715b9b8347033e13ff7eb7fe6dc11072b99
                • Opcode Fuzzy Hash: 56f7f28dca2d8bbd21bdaf56626f21bc4ea9915f628c8092265e7525eccabd36
                • Instruction Fuzzy Hash: 9B51EF715007428FD724EF29C5406A7BBE8AF84305F18893EFAEE87241E730D545CB92
                Function 019DA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Enter, xrefs: 019DA2FB
                • RtlpResUltimateFallbackInfo Exit, xrefs: 019DA309
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: 036f5f94fd3c58bf746866803b2dd1e4b5fa72b6a475ea217d058e96c796a4a9
                • Instruction ID: fbff43216e4aaff517b1babe5d8ef67ff6d599a03ec954fe903d79c25198ae28
                • Opcode Fuzzy Hash: 036f5f94fd3c58bf746866803b2dd1e4b5fa72b6a475ea217d058e96c796a4a9
                • Instruction Fuzzy Hash: 4841B231A04649DFEB15CF59C440B6DBBF5FF85700F1484A6E908DB291EBB6D940CB50
                Function 01A0A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: e5b4e49110d792805910479513038ba09098ea2f6923df6cc7bf806dc85ab400
                • Instruction ID: 7b36373f3aca620bccbdf43f7500bcaa1dd15543eeec44e7f9764b38f6adedcd
                • Opcode Fuzzy Hash: e5b4e49110d792805910479513038ba09098ea2f6923df6cc7bf806dc85ab400
                • Instruction Fuzzy Hash: C401D1B2240700AFE312DF14DE45B2677F8E785715F058939A64CCB190F734D805CB46
                Function 019DC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 3a44eedcd420a78845667d6e8071e853420b91e5bdde41ca046eb5b44f30b445
                • Instruction ID: da2d4b681f9ef7b541f6cbf4a4842c417f0c7281d00964002e9cd223bdd39a04
                • Opcode Fuzzy Hash: 3a44eedcd420a78845667d6e8071e853420b91e5bdde41ca046eb5b44f30b445
                • Instruction Fuzzy Hash: D1826975E002198FEB25CFA9C980BEDBBB5BF48710F14C169E95DAB391DB30A941CB50
                Function 01A7A118 Relevance: 1.8, Strings: 1, Instructions: 591COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: a5e843fa3d0b7c5ee4910bd815ec22968a606f107513a27c433fa804b6a08a23
                • Instruction ID: 75cffad4c7fcd3d5812c83231221486c9a2ab1a9b76466552cbc3c0495f753e7
                • Opcode Fuzzy Hash: a5e843fa3d0b7c5ee4910bd815ec22968a606f107513a27c433fa804b6a08a23
                • Instruction Fuzzy Hash: 1E22C275204661AFEB25CF2DC89437ABBF1AF44300F0C8459E996CF286E735E652CB60
                Function 01A56420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 06ecc31848c4b5403a9b64b26ab4e505c1bd3d6c07f2711eceadd413144134a5
                • Instruction ID: 4205309130565c56965337825bbb91c569639673b354740c2d6d707f5f69642d
                • Opcode Fuzzy Hash: 06ecc31848c4b5403a9b64b26ab4e505c1bd3d6c07f2711eceadd413144134a5
                • Instruction Fuzzy Hash: 40917172940219BFEB21DF95CD85FAE7BB8EF54750F540059FB05AB190D674AD00CBA0
                Function 01A7E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 6a23c9bd5a8efad2cbe941e0c989a530c53c71e4e42d1c5988ada8caed50d0ca
                • Instruction ID: 60e90fe9d758792b3fa416e9c5736aa50b194bb528cf4ac296b577e9f2b4ba6a
                • Opcode Fuzzy Hash: 6a23c9bd5a8efad2cbe941e0c989a530c53c71e4e42d1c5988ada8caed50d0ca
                • Instruction Fuzzy Hash: 4D91BE72A00649BFDF22AFA5DD44FAFBBB9EF85750F140069F605A7250DB349A01CB90
                Function 01A0A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 9065b7485f0d4b2d2040b16a278cd2c3dce6873d17ea70e4f73baedf9abdb9cb
                • Instruction ID: 2897243c900cfb5e2a1d69ae3433555be05ed8d2b424ab63d1dd97d918fb9e51
                • Opcode Fuzzy Hash: 9065b7485f0d4b2d2040b16a278cd2c3dce6873d17ea70e4f73baedf9abdb9cb
                • Instruction Fuzzy Hash: DB718FB5E0020ADFEF29CF9CD9906EDBBB1BF99710F14812EE909A7241E7359941CB50
                Function 01A74978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                • Opcode ID: 40bf2c64a227e55545135269000c2a3f1c9db0ea6d98b7525c019759d806b6a4
                • Instruction ID: 9812299e0537bf7a98e85511aba5e124bc0a88d060770ec97e880f0ffc043683
                • Opcode Fuzzy Hash: 40bf2c64a227e55545135269000c2a3f1c9db0ea6d98b7525c019759d806b6a4
                • Instruction Fuzzy Hash: 17517272D0022A9BDF11EF99DC40AAEBBB4FF58710F094169EA15BB250D7349E01CBE4
                Function 019EE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: f0ea6edd983b6122dad3edd891999f38d1170ca3edf1ad360de6f7d7da73982d
                • Instruction ID: c9b137ac9be73ab93d8a3d0c1d7eacf22f998651300876488971972cd40af182
                • Opcode Fuzzy Hash: f0ea6edd983b6122dad3edd891999f38d1170ca3edf1ad360de6f7d7da73982d
                • Instruction Fuzzy Hash: CD41D072548312ABD712DA75D848B6BBBECAFC8B14F04092DFA8CD7140E675D904C796
                Function 01A4C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: 787f70f6f79e91b6bbe01e801a67168aafecacc02a994b452db1fb17de01d67e
                • Instruction ID: c23cae4afea16a92b18a78c4bdf28d810a8542fcc40684d6eae516900ede83dc
                • Opcode Fuzzy Hash: 787f70f6f79e91b6bbe01e801a67168aafecacc02a994b452db1fb17de01d67e
                • Instruction Fuzzy Hash: 284133B1D0112DABEB21DB50CD84FDEB77DAB94724F0045A5EA0CAB144DB709E89CFA4
                Function 01A66B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 62adcddd4f9eeefa857418d29899899e069db5cfc7c027b79dc928188f3166fd
                • Instruction ID: 23e27d81f5a02533efed084efb27705eeade381df8c10d6754d4c8c3a68cb75c
                • Opcode Fuzzy Hash: 62adcddd4f9eeefa857418d29899899e069db5cfc7c027b79dc928188f3166fd
                • Instruction Fuzzy Hash: C8310831A00B199BEB22DF69C854BFE7BBCDF44704F144068EA49AB286D775E805CB90
                Function 01A4CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                • Opcode ID: 93b9cb9cea98158fd0ee37cc6d9e12de431e748a1d9ac0de5740b101a0df490c
                • Instruction ID: 070be3bf15024358fd52bf7a68ce7b3a38c82a4d8397e49e92c7011a9c0b1330
                • Opcode Fuzzy Hash: 93b9cb9cea98158fd0ee37cc6d9e12de431e748a1d9ac0de5740b101a0df490c
                • Instruction Fuzzy Hash: E3310336902515AFEB16DB59C845E7FBBB4EBC0760F114129E909A7254D730DE01DBE0
                Function 01A5892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                Download Yara Rule
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01A5895E
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: a10e8b3c455fbda0d9df1e65b1c62756ed6a4539babdb55f982ba7fc7033124c
                • Instruction ID: d662dc1093bf7f72a6557fa2a52ea1bccbe924fd0741b702e1d5de2e32f05d08
                • Opcode Fuzzy Hash: a10e8b3c455fbda0d9df1e65b1c62756ed6a4539babdb55f982ba7fc7033124c
                • Instruction Fuzzy Hash: C801F732308211EFE7605B5BCC84A66BFB6FFC5654F08001CFA4657151CB346841C792
                Function 01A72000 Relevance: .8, Instructions: 757COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba630873ac82f6c9088f72c746e3a3f9386aaced5c8ff770340ec5874617fcde
                • Instruction ID: f13da0d8570b8a8082f3775ac586b3586dd1cdcff84ce4084ef7bbb9f3a011c5
                • Opcode Fuzzy Hash: ba630873ac82f6c9088f72c746e3a3f9386aaced5c8ff770340ec5874617fcde
                • Instruction Fuzzy Hash: D042C5366083419BD726CF68CC90B6BBBE5BFC8700F08492EFA8697251D771DA45CB52
                Function 01A68158 Relevance: .6, Instructions: 617COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 881b27d872a166dd4045c5517e99b5a618d8aab945f09d5b01d2783686b4c2c5
                • Instruction ID: ba8342b5d6a6696e7de27273d905461276d5afeeaca585e857f4e6497445ab78
                • Opcode Fuzzy Hash: 881b27d872a166dd4045c5517e99b5a618d8aab945f09d5b01d2783686b4c2c5
                • Instruction Fuzzy Hash: 94423E75E103199FEB25CF69C841BADBBF9BF88300F148199E949EB242D7389985CF50
                Function 019E2840 Relevance: .6, Instructions: 605COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14384504355a0c8f8c4edc73fc5dd3dd8848405cb32e73251b009728002cadee
                • Instruction ID: 1953b614f7e0ebe5ff63bdfc036260c54f620c72699e35a0023a420d8ad51ad3
                • Opcode Fuzzy Hash: 14384504355a0c8f8c4edc73fc5dd3dd8848405cb32e73251b009728002cadee
                • Instruction Fuzzy Hash: 8532DE70A00755ABDB26CF69C9447BEBBF2BFC8304F24411DE58A9B285D735AA42CB50
                Function 019D6A50 Relevance: .5, Instructions: 548COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1cf0c65459932c2008bda73c7745763805440c946e09e896473a6531f05dbb2
                • Instruction ID: f2500f0269170a9ee6d2d2f841e5bdc022e53c35c23ea7fd3e4d0362742f8c03
                • Opcode Fuzzy Hash: f1cf0c65459932c2008bda73c7745763805440c946e09e896473a6531f05dbb2
                • Instruction Fuzzy Hash: 8532A175A05205CFDB25CFA8C580BAEBBF5FF88310F148569E95AAB391D734E841CB50
                Function 019F4A35 Relevance: .4, Instructions: 423COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction ID: 8fc20d029695aa070dce194fb2583b14438e8fcd5bd7b4ad6366e63c52a95aaa
                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction Fuzzy Hash: D1F16171E0021AABDB15CF99D580BBEBBF6AF84710F05812DEA09EB341D774E841CB60
                Function 01A6892B Relevance: .4, Instructions: 386COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6e50123505259ad99f1e9b8adecf601d73d8d4d3dcfa5a3f1ac278733ff3645
                • Instruction ID: 2887c639dc75c91475377b6cb6cd276158e3f1848c03e287dd95758dc76a4f2c
                • Opcode Fuzzy Hash: a6e50123505259ad99f1e9b8adecf601d73d8d4d3dcfa5a3f1ac278733ff3645
                • Instruction Fuzzy Hash: ACD1F072A0070A8BDF15CF69C841ABEBBFDAF88304F198169D955E7241E739E9058B60
                Function 019D65D0 Relevance: .4, Instructions: 383COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 78417e80316b51ac78d5966cc9a4d30ddcae8490a975d3ebf4b964a3992935d4
                • Instruction ID: d8fda79f20e77c4b43532bace20355fe5a9cc448c1a4273198d75b915ae00864
                • Opcode Fuzzy Hash: 78417e80316b51ac78d5966cc9a4d30ddcae8490a975d3ebf4b964a3992935d4
                • Instruction Fuzzy Hash: 0CE16B71608342CFC715CF28C590A6ABBF5FF89314F058A6DE99987351EB31E905CB92
                Function 019C8397 Relevance: .4, Instructions: 380COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4943accc7790dad3dcdb2af334c5b9bd3d86fd4c188e32a74182c1edcebee406
                • Instruction ID: 9a2b9283e3fa4b3c0045fe69d87a2200c1b88f3b28fd2f84b318c40d372b2a38
                • Opcode Fuzzy Hash: 4943accc7790dad3dcdb2af334c5b9bd3d86fd4c188e32a74182c1edcebee406
                • Instruction Fuzzy Hash: A7D1E671A00216DBDB14DF68C890EBAB7E5FF94B04F04462DE95ADB280F734E951CB61
                Function 01A58243 Relevance: .3, Instructions: 322COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction ID: d6b4ddc92f837e5a3becab9ac1acd36df5ad05b4e36395698810f4f81bc91096
                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction Fuzzy Hash: 61B1B274A04705AFDB64DFAAC940AAFBFB9FF84344F10441DAE5297395DA38E906CB10
                Function 019E0535 Relevance: .3, Instructions: 300COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction ID: a09ca0b528a6f4a5fc371a7f195043dc046b738e4078cf7506427ad98d573404
                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction Fuzzy Hash: C6B106317046469FDB12DBA8C844BBEBBF6AF88700F284559F556DB281DB70ED41CB90
                Function 019D83C0 Relevance: .3, Instructions: 281COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 553759dcac8e8d5897a38154a2f0b446d4cf3f160507e332c7c674d2d8da210a
                • Instruction ID: ebe85d2e231bd047a65272b670492acf21547d566228da564c9447eb926e4467
                • Opcode Fuzzy Hash: 553759dcac8e8d5897a38154a2f0b446d4cf3f160507e332c7c674d2d8da210a
                • Instruction Fuzzy Hash: A4C148741083418FD764CF19C494BABB7E9FF88704F44896EE98987291D775E908CFA2
                Function 019CC427 Relevance: .3, Instructions: 280COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fea61646d114f211ce7a93e36835239cc90b934e903a68080a4b0c971770eda
                • Instruction ID: c8e0f7b8dc6666d19e6edcd9b08c1a82557201dab0cdd64b5aebfc9a1896bfa3
                • Opcode Fuzzy Hash: 0fea61646d114f211ce7a93e36835239cc90b934e903a68080a4b0c971770eda
                • Instruction Fuzzy Hash: 1AB19070A042668BDB24CF68C990BA9B7B5EF54B10F0485EDD54EE7281EB30DDC5CB21
                Function 019FE5E7 Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19a0d0915c19174c092e04055fc12fae1dafa08ad9a6fe955a05e052501e5d9a
                • Instruction ID: 14bee264f0071b4f978c584792e922aa536b1499c4c04ece109917c38ab44501
                • Opcode Fuzzy Hash: 19a0d0915c19174c092e04055fc12fae1dafa08ad9a6fe955a05e052501e5d9a
                • Instruction Fuzzy Hash: D2A12931E00659AFEB22DB5CC944FAEBBB4BF44714F050129FB14AB2A1D7749D41CB92
                Function 01A10185 Relevance: .3, Instructions: 276COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5944405cde9a8141393169d78a3e407c2c0bbcdabf8ed03f2e4d915fa8747f2
                • Instruction ID: a54e60607ffd3ebf7bcb7a1bb5465916b51aebea1c3cb0a73d739e1375d2b185
                • Opcode Fuzzy Hash: b5944405cde9a8141393169d78a3e407c2c0bbcdabf8ed03f2e4d915fa8747f2
                • Instruction Fuzzy Hash: 78A1D170B006169FDB25CF69CA90BABB7B5FF98314F044029FA45D7286DB34E852CB90
                Function 01AA4500 Relevance: .3, Instructions: 275COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87a5b76253d6667c3ec747bd3b1d7526170a8c09406086d6b70d6c801b56ffe9
                • Instruction ID: e10a9d09c53ad98a6617bf54d0e8e283cf8a06cbcf0ca2654ea2bd5b8fcd9782
                • Opcode Fuzzy Hash: 87a5b76253d6667c3ec747bd3b1d7526170a8c09406086d6b70d6c801b56ffe9
                • Instruction Fuzzy Hash: 54A1CE72A04252AFD712DF18C980B2ABBE9FF8C704F89052CF5899B651D7B0ED01CB91
                Function 01A560E0 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a440aec0d5e081b27f2d15a07cef7b3af4650369ac1aecb65ebfd9e6e80a049
                • Instruction ID: afe64292622271f3bc6320557f073bf89a036060759948f05058416fd42f29e6
                • Opcode Fuzzy Hash: 5a440aec0d5e081b27f2d15a07cef7b3af4650369ac1aecb65ebfd9e6e80a049
                • Instruction Fuzzy Hash: 5991D371E04216AFDF55CFA8D884BBEBFB5AF48710F554169EA18EB341D734E9008BA0
                Function 019EE3F0 Relevance: .3, Instructions: 261COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ca40553abef1d9fd49c41a831eab8e9c61669a7caeba1835dc06ea7ca53ae43
                • Instruction ID: 82386b751bfeac85992b9d23f52a0156d4ebcb1455a33b213581511f1ba9be99
                • Opcode Fuzzy Hash: 3ca40553abef1d9fd49c41a831eab8e9c61669a7caeba1835dc06ea7ca53ae43
                • Instruction Fuzzy Hash: 04914431A00616DBEB26DB68C488B7ABBE5EFC4B14F054469E90DDB380FA74DD01C791
                Function 01A26ACC Relevance: .2, Instructions: 226COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4591abe0bd31dc1fc4619a8555cf723f3ddfcfc3a04212092734f7dffc520616
                • Instruction ID: 8dbc516bf36cd701e915650e50ea7cfe2cb79b3d4c6cb8d0e90092f82793653e
                • Opcode Fuzzy Hash: 4591abe0bd31dc1fc4619a8555cf723f3ddfcfc3a04212092734f7dffc520616
                • Instruction Fuzzy Hash: 2E8184B1E016299BDB14DF6DC940ABEBBF9FB48700F14852EE849D7640E334D941CB94
                Function 01A9AB40 Relevance: .2, Instructions: 222COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: 8e390340ec91e4544198e7bf19807f5355922f8560790a9454d83d3ccfff013d
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: 3C817071A002599FDF19CF99C980ABEBBF2FF84310F18856AD9169B344D734EA85CB50
                Function 01A0E284 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eefff4a46ab35ec1e6e229c076e0ceb5df370b72d330a61cf630f5420072db21
                • Instruction ID: ad06d77e6462b1e2c1735eec83f23f28f001133aec1aa618d9a09c7ccfb7c0e4
                • Opcode Fuzzy Hash: eefff4a46ab35ec1e6e229c076e0ceb5df370b72d330a61cf630f5420072db21
                • Instruction Fuzzy Hash: 5C819D71A00609EFDB26CFA9D980BEEBBB9FF88314F144829E555A7250D730AC15DB60
                Function 019EC640 Relevance: .2, Instructions: 206COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a884064221fc1a87e3a8f3817c35fd0c38d87547d1389c73af87b610eb97583
                • Instruction ID: e1eb8574a9c864cea624095c27f971d7f7e4f174c42d89185fe1c48892605d23
                • Opcode Fuzzy Hash: 7a884064221fc1a87e3a8f3817c35fd0c38d87547d1389c73af87b610eb97583
                • Instruction Fuzzy Hash: FF71BDB59012659FCB268F59C494BFEBBF5FF88710F14461AF986AB350D334A805CBA0
                Function 01A847A0 Relevance: .2, Instructions: 202COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdf0f77fed3ec232d3e16105905e86ee8e9ae52b996fec86a99933ca32a81591
                • Instruction ID: 150368248d0b5c100f3c41b5c179fe1205a84abf7004a6ebe8cd9cf8794e3f6e
                • Opcode Fuzzy Hash: bdf0f77fed3ec232d3e16105905e86ee8e9ae52b996fec86a99933ca32a81591
                • Instruction Fuzzy Hash: FD71A0B4900206EFDB21EF99DA44B9AFBF8FF88700F15815AE608AB358D731C945CB54
                Function 019E260B Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fbe78c73f5b6804a8bee8714a6e44f95314b4cda04d9f0fc0401a1d659760e62
                • Instruction ID: a6c886ff702c60c484ae9f8e5bb75e8f6d4e1a84ade6929e56e3ff66f3396168
                • Opcode Fuzzy Hash: fbe78c73f5b6804a8bee8714a6e44f95314b4cda04d9f0fc0401a1d659760e62
                • Instruction Fuzzy Hash: F071C2756042429FD312DF28C488B2AB7E9FF88710F0585AAE89DCB352DB74ED45CB91
                Function 01A5035C Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 747972c8fdd6d76e13d9d2ca965b32c0feeac5cde471e91698ee6985801daa20
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: CC717E71E00609AFDB11DFA9CA84EEEBBF8FF88714F104569E905A7250DB30EA41CB50
                Function 01A662A0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d0c250a851959a4662a7b837de90b84f578665cf5abbe291d96d7a555ffffcd
                • Instruction ID: 00618275dfd02896a8734243937d9c33ed182e885eb25f10a785743e70a451af
                • Opcode Fuzzy Hash: 1d0c250a851959a4662a7b837de90b84f578665cf5abbe291d96d7a555ffffcd
                • Instruction Fuzzy Hash: 3471E332240701AFEB32DF18CA48F66BBFAFF44760F154528E65A8B2A1D775E944CB50
                Function 019D8AA0 Relevance: .2, Instructions: 197COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 89e79b786ca996ed2e13a7fb9b3847f469d726ed730c25c4c9ef3a6273c6fec4
                • Instruction ID: a3387902a3d5eca0188e920a98c4393a8efd5892fa1a869a13d1f435863c5b20
                • Opcode Fuzzy Hash: 89e79b786ca996ed2e13a7fb9b3847f469d726ed730c25c4c9ef3a6273c6fec4
                • Instruction Fuzzy Hash: AC81C072A043068FDB25CF9CD994BADB7B5BF88710F15812EE904AB286C778DD41CB94
                Function 01A0CDB1 Relevance: .2, Instructions: 197COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33c0f2cfe621307c6c37daaeef0e77f22f13090cd5e06eda7a67052d346a32e3
                • Instruction ID: 26f72168224633850d516b222957b3f74412fdfb8927362381c8271bf6b2176e
                • Opcode Fuzzy Hash: 33c0f2cfe621307c6c37daaeef0e77f22f13090cd5e06eda7a67052d346a32e3
                • Instruction Fuzzy Hash: CD61E171A00206DFCB1ADFA8D980BAEB7B5FF88324F154269E615EB291DB74DD01CB50
                Function 01A8A250 Relevance: .2, Instructions: 184COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f35ba699bce10aee714e35cd751a62081145af8f34f39f8931ea99d1a415bf18
                • Instruction ID: 0d1e455e0b439a77e8e722284dad9c9a424e894d481a6cbdbc80a3f747d269e3
                • Opcode Fuzzy Hash: f35ba699bce10aee714e35cd751a62081145af8f34f39f8931ea99d1a415bf18
                • Instruction Fuzzy Hash: 2F51D172505712AFDB22EE6CC844E5BB7E8EFC9750F01092ABA81DB151D774ED04C7A2
                Function 01A98DAE Relevance: .2, Instructions: 162COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff81faea5a99bc097b9e0fec8f0c69d2f56809fb0eb86398b108c7d605590352
                • Instruction ID: 95160b383b47e998bde8979ec6409af3c41f72dc599c6ea4e10b5448b5558a78
                • Opcode Fuzzy Hash: ff81faea5a99bc097b9e0fec8f0c69d2f56809fb0eb86398b108c7d605590352
                • Instruction Fuzzy Hash: 5051E57260470A9FDB12DF28C840BABB7E5FF85350F04892DF98597290D738E988CB95
                Function 01A78350 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23516ead073c5501e50525f3d043a83d54d65104172d98b039ef4d21012123b5
                • Instruction ID: ba2c2b922a2c79707b174d50c3828110c1db7c8dcf89d7061a3737aa2d9fa709
                • Opcode Fuzzy Hash: 23516ead073c5501e50525f3d043a83d54d65104172d98b039ef4d21012123b5
                • Instruction Fuzzy Hash: 4151D070900705DFD721CF6ACD88A6BFBF8BF94710F10461ED292976A1C7B4A645CB90
                Function 01A0E443 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51f5179ac7a6c430559b670df17717cc935fb1ce8f2a3d046764802c5900c6ac
                • Instruction ID: 729a8c617531e663e3742fcb9313a4dfd1f0dfe849c1dfd9670e181a8209d325
                • Opcode Fuzzy Hash: 51f5179ac7a6c430559b670df17717cc935fb1ce8f2a3d046764802c5900c6ac
                • Instruction Fuzzy Hash: E5519E71600A05DFCB22EF69D984EABB3F9FF98744F41086AE546872A1D731ED50CB50
                Function 01A74180 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 659a15edee865708f8ee7fa27832e49f8b8a69a3be6c30423ba7e820460e4ce9
                • Instruction ID: 477160193c67bbdaddef3792a5923743315e3f5e98de445f27ddf0a551861b8d
                • Opcode Fuzzy Hash: 659a15edee865708f8ee7fa27832e49f8b8a69a3be6c30423ba7e820460e4ce9
                • Instruction Fuzzy Hash: 905168716083429FD754DF29C880A6BBBE5BFC8208F444A2EF599C7250EB30DA05CB96
                Function 019F45B1 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 7c0574fc42121ba0c89b125461e42ca08b905365dd832eb5627eb4830be5b9a0
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: B5517C75E0021AABDF15DF98C440BEFBBB9AF85754F14406EEA09AB250D734DE44CBA0
                Function 01A5E9E0 Relevance: .2, Instructions: 154COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: ab1212d09eddb3fed94d456baaa0c9b15d30751d19247d43ad64963d98bbb10a
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: 6B51C871D0420AEFEF619F94C984BAEFB75AF00325F168665EE12A7190E7309F40C7A0
                Function 01A98B28 Relevance: .2, Instructions: 152COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb6c94c86cced1ad039a11bb563dc0631fe1cdc9d2b65d126aed6817b520d616
                • Instruction ID: e36e5a053b8fd860dfcd8f4479423413381fcc03d7e8cad36117a347a7488d9c
                • Opcode Fuzzy Hash: fb6c94c86cced1ad039a11bb563dc0631fe1cdc9d2b65d126aed6817b520d616
                • Instruction Fuzzy Hash: C74109707016599BDF25DB2EC994F3FBBDAEF82220F084119E915CB281DB3CD881C691
                Function 01A5CBF0 Relevance: .1, Instructions: 148COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3665cb1172a809b7d185debfb3b07c530f6b3e3e8cc525cbdaa94c6d7eca4fe
                • Instruction ID: f9844b6b67c3fe27d5059055e3c433ecbca31ca1c39f5150b200d4f46ee827c4
                • Opcode Fuzzy Hash: a3665cb1172a809b7d185debfb3b07c530f6b3e3e8cc525cbdaa94c6d7eca4fe
                • Instruction Fuzzy Hash: E7519E76904316DFCB61DFA9C9809AEBBB9FF48768B154519D949A3308EB30AD01CB90
                Function 01A0A430 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8c63eb91a81e5da5ba345a17db66be0e50eeedc52eb0490ce469d9cfd0ca629
                • Instruction ID: dc1fb69bd72bbbf1e2e894520faaf68b48b6d76e3af8f47baa5b3fe677d31af0
                • Opcode Fuzzy Hash: e8c63eb91a81e5da5ba345a17db66be0e50eeedc52eb0490ce469d9cfd0ca629
                • Instruction Fuzzy Hash: 804126757403019FCB2BEF6CE981B6BB77ABB95718F05002CED4A9B281DBB29801C750
                Function 01A9A9D3 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 57e00908dff943d0938f29e4f65485b96b56a76e3420b4f6672e98b3c8b9f7d2
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: 3641E671A01716AFDF25CF68C984A6AB7E9FF80214F09462FE9168B640EB34ED44C7D0
                Function 01A001F8 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8addca9eb5309a6addccfe844058d5c2975dc5e959cdf0ec98e59ebcee1e3217
                • Instruction ID: a6fd3143a8d856ff07968b4affdefef1e8f791817834e35e8c930d40bda34051
                • Opcode Fuzzy Hash: 8addca9eb5309a6addccfe844058d5c2975dc5e959cdf0ec98e59ebcee1e3217
                • Instruction Fuzzy Hash: C141DB31E00219DBDB12DF98D650BEEBBB4BF88740F18812AF905E7280D7359D05CBA5
                Function 019FEBFC Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb59b6379beb58d50f67174781403d0f39343236af17cfc2b02ba86ebc62e99c
                • Instruction ID: 5375d6aa8cae3b5e705dc70b29dfaf6463e369ddc3e55def366a62a791cb8c64
                • Opcode Fuzzy Hash: bb59b6379beb58d50f67174781403d0f39343236af17cfc2b02ba86ebc62e99c
                • Instruction Fuzzy Hash: 3641B471A043029FD725DF28C888A27B7E9FF88258F01482DF65AC7765EB75E8448B51
                Function 01A12750 Relevance: .1, Instructions: 137COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 6970971c460d5a26fa73e1b7f989b101977e4e0db7479351133b78ec3c1c706f
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: C2515B75E40215CFDB15CF98C580AAEF7B2FF84710F2881A9D916AB351D770AE82CB90
                Function 019D6154 Relevance: .1, Instructions: 133COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f26859034a73bfff7435d78bce4a6db409a58967f3bae7a9448b22647c928d2
                • Instruction ID: 9f0f794e2c6a237dba4d049449fab0e144a09696835efa47a9e33c09b56150ef
                • Opcode Fuzzy Hash: 7f26859034a73bfff7435d78bce4a6db409a58967f3bae7a9448b22647c928d2
                • Instruction Fuzzy Hash: D051D4709002169FDB26CB68CD04BB9BBB5FF55314F1482A9E62DA72D1EB749981CF80
                Function 019D0BCD Relevance: .1, Instructions: 130COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 58c442f6b53163cf0a7d1689d1c43dba60a15ae9270a02f60bd4e3a2c80bbeb1
                • Instruction ID: 3e176c8f06d561f53fb49c2a524db3ed0a21afb2eb48a42556aba349d7748dc0
                • Opcode Fuzzy Hash: 58c442f6b53163cf0a7d1689d1c43dba60a15ae9270a02f60bd4e3a2c80bbeb1
                • Instruction Fuzzy Hash: 85418E75E002289BDB21DF6CC944BEA77B8EF89750F0544A9E90CAB241D774EE84CB91
                Function 01A9866E Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 8d97715c31984f607a92441a2132bf29202fd9aeff1380509538e16affd5443e
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: F541B775B0010DABDF15DF99CD84AAFBBFAAF89640F144069E604D7341D678DE40C7A0
                Function 019D0887 Relevance: .1, Instructions: 128COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 831f1fa33dd9f5ac9f0429a6fd52c23551e300c2286270349e62b6fa62ba38e7
                • Instruction ID: 8398fa706dbbeef441fa116aa04278865f6150e2ac7fefd9589440f6367606ef
                • Opcode Fuzzy Hash: 831f1fa33dd9f5ac9f0429a6fd52c23551e300c2286270349e62b6fa62ba38e7
                • Instruction Fuzzy Hash: DA41B3B16007029FE325CF29C580A26B7F9FF89314F188A6DE54F87A50E731E845CB90
                Function 019FA470 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d3c5aa1f48f6ef8c21f12550e8ced89aacdd2c62a938e15598238f963864c3c
                • Instruction ID: 7ef20a5009a27649225b1b234181c9ab96107579bb3a8257e6416fc7e33b2687
                • Opcode Fuzzy Hash: 1d3c5aa1f48f6ef8c21f12550e8ced89aacdd2c62a938e15598238f963864c3c
                • Instruction Fuzzy Hash: 3F410232940206EFDF21DF68C898BED7BB4FF58B20F044559D619AB285DB34D901CBA4
                Function 019D8BF0 Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3060463c8f987fb32ae4d6992ec16eb96f312ab4a5e27c736b7181c95e8f316a
                • Instruction ID: 6717677fc603b9d5ea61a0bc6c3668b373547322b23215e5bed55e3a61170854
                • Opcode Fuzzy Hash: 3060463c8f987fb32ae4d6992ec16eb96f312ab4a5e27c736b7181c95e8f316a
                • Instruction Fuzzy Hash: 2B41F136901206DFD7299F5CC890B6ABBB5FBD8B04F15C02AE9099B256C735D842CBD0
                Function 019C8918 Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7e724d65871b7df20a9d5757a79ef7e6e93134cfda2db1ea32795a87ec99dc52
                • Instruction ID: 075d7194c5fc92eb7ddf6c44fc2f06521c5d2da99041a460132d1f3b76f6b240
                • Opcode Fuzzy Hash: 7e724d65871b7df20a9d5757a79ef7e6e93134cfda2db1ea32795a87ec99dc52
                • Instruction Fuzzy Hash: 31416235508316AFD312DF69C840AABB7E9EF84B54F40092EF989D7250E731DE058BA3
                Function 019CA020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 4846c589a830ee43a9ab1638bf177d88209119d75936c501dc8a07b4fdc100bb
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 3C416031A00229DFDB11DF5D8440FBAB771EB95B95F15C06EEA898B241E637CD40C7A2
                Function 019D09AD Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23e52b5678891a39c9e75e484a9c1d6f48437ee09f5f25300354d29baa39ea6a
                • Instruction ID: e6a100fabaa171fcb021b60e511c92f3225b84a087a8c63a4fc378685acd71c9
                • Opcode Fuzzy Hash: 23e52b5678891a39c9e75e484a9c1d6f48437ee09f5f25300354d29baa39ea6a
                • Instruction Fuzzy Hash: AA416671600601EFD721DF18C844B26BBF8FF98315F28CA6AE44D8B251E770E942CB91
                Function 01A00710 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: c07550788e9475a7d0998b74fb6a9ae48ccc65f0746eacc39b1652707d2db52b
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: 86411871A00605EFDB26CFA9DA80BAABBF4FF18740B10496DE556D7691D330EA44CF50
                Function 019D262C Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d9ae562200ae3580b20c92ba44958fad929a59cfc55a2e6fb57ff2d52ca14044
                • Instruction ID: 0da164847da33c17bff634924b71955b6aff4f4a753899094f231d5c5dd11484
                • Opcode Fuzzy Hash: d9ae562200ae3580b20c92ba44958fad929a59cfc55a2e6fb57ff2d52ca14044
                • Instruction Fuzzy Hash: 3D41BFB5501701CFC722EF28C900A69B7F6FF94711F15C6AEC40E9B2A1EB30A942CB51
                Function 01A0C8F9 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f757793d0c0e906d4f24eaceab2e3a25b97cdc5b6e38ba74ff650d0715fadea
                • Instruction ID: 3515c937af435f381caf965022568a64d9addb68ae4f6cc7b2f5201afcd33bb7
                • Opcode Fuzzy Hash: 5f757793d0c0e906d4f24eaceab2e3a25b97cdc5b6e38ba74ff650d0715fadea
                • Instruction Fuzzy Hash: CF3179B1A00345EFDB12CF98D540799BBF0FB49B24F2081AED119EB291D3369902CB90
                Function 01A507C3 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db893f16ea26f29bb32299e3b38a0b19ed03f17b7e95e4fd7e6e4b6312056c25
                • Instruction ID: 0b2705fabc82871f1a67a90c9eebe9fa2e5405dede6f03f5d47ad47d5da0b1bb
                • Opcode Fuzzy Hash: db893f16ea26f29bb32299e3b38a0b19ed03f17b7e95e4fd7e6e4b6312056c25
                • Instruction Fuzzy Hash: 20418B715083019FD361DF29C945B9BBBE8FF88754F104A2EF998D7250D7309805CB92
                Function 01A505A7 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f08c7bf81913d205901e8f29b6e0a8cb5bb0b3634bccf3ac08b6cadf988e1fe
                • Instruction ID: c89643302c493e5204ec38ca69f1b999abd2768a6cb6029e2f66741dc22ba228
                • Opcode Fuzzy Hash: 3f08c7bf81913d205901e8f29b6e0a8cb5bb0b3634bccf3ac08b6cadf988e1fe
                • Instruction Fuzzy Hash: 1D41C0726086429FD321DF68D940A6AB7E9BFC8700F144629F99897680E770E904C7A6
                Function 019D4859 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8ea568543f794fbe1884209b096d280c3816f68db11c8a6b86cf005c3edd9d1
                • Instruction ID: 127918f6ef8ef00c7e9d7fce687d6994726cfb518e6b9244e2b6a765d8d731c8
                • Opcode Fuzzy Hash: e8ea568543f794fbe1884209b096d280c3816f68db11c8a6b86cf005c3edd9d1
                • Instruction Fuzzy Hash: D041E4306003028FD725DF2DD884B2ABBE9FFC0B55F14842DEA998B691DB70D951CB91
                Function 019E02E1 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: 6280d0917a6e49ef9042e4cf8dad32dfd9d7d2210a76bead2e6fe4ba3847680f
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: A931F831A04245AFDB129B68CC48BABBFE9EF54350F0885A5F459D7352D6B4D844CBA0
                Function 01A7E3DB Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33e72892d65169b8ff7b836dcb630c9cac8be1640127d749be54a97d5faa46ae
                • Instruction ID: 6ff042f3fff3d923cb5ca1b4ed377289322b037e0f1a37cebd7f2b78fd0927cd
                • Opcode Fuzzy Hash: 33e72892d65169b8ff7b836dcb630c9cac8be1640127d749be54a97d5faa46ae
                • Instruction Fuzzy Hash: C631B735750706ABDB229F69CC41F6F76B8AB99B50F000068F604AB3D2DAA5DD00C7A4
                Function 01A84B4B Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e870f0b77f9df73813c5d27ffd46c0941f74fa9692da97e357133d4343a4781
                • Instruction ID: 5d0ac4f95ac3cd18e2c48e32a66f594103f7eaf01c286a94ad7da9152185df53
                • Opcode Fuzzy Hash: 8e870f0b77f9df73813c5d27ffd46c0941f74fa9692da97e357133d4343a4781
                • Instruction Fuzzy Hash: C731A3726056029FC322EF19D884F26B7E9FF88360F09446EE9998B351D730E855CB91
                Function 019D4260 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4f9e7391ada232968762ec51577357549f9462439e4c5fa10813b4df36f0c115
                • Instruction ID: 88f6a4087404322b2c1be9d81288c100020879477c0bfd8dc813d29690cc8b24
                • Opcode Fuzzy Hash: 4f9e7391ada232968762ec51577357549f9462439e4c5fa10813b4df36f0c115
                • Instruction Fuzzy Hash: 4341CE75200B05DFD722CF68C680FD6BBE9AF88714F008829F6998B650DB70E804CB90
                Function 01A84BB0 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fa10eab0d9b73bc1aad46d75adef02f0a66594645e7bfb242ee93ce0768a09e
                • Instruction ID: 05f250890024e2f351db6ee5f559bb9457f20ca41c20a14b105e65139fd8b813
                • Opcode Fuzzy Hash: 9fa10eab0d9b73bc1aad46d75adef02f0a66594645e7bfb242ee93ce0768a09e
                • Instruction Fuzzy Hash: 73317EB16047029FD320EF29C880B2AB7E9FB88710F09456DE9599B351E730EC15CB91
                Function 01A4EB1D Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 121ba2735ab6c1a10f1ea8ff86b4d977fe3a298e0ed8a42534b9060c2f2fd5b7
                • Instruction ID: a92e16d8881864993db1095739a1bc44f7a848ab7cfd5928a2fa9dbbca14c5dd
                • Opcode Fuzzy Hash: 121ba2735ab6c1a10f1ea8ff86b4d977fe3a298e0ed8a42534b9060c2f2fd5b7
                • Instruction Fuzzy Hash: 6A31D3317016869BF322576DCE48B257BD8BFC4B44F1D44A0AF459B6D2DB2CDC82C264
                Function 01A961C3 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 59f13f9855c4184c7143a9e73e0d0617b7b3defcdeb4266658d08c70ab8efa93
                • Instruction ID: 2286f82bed6c64498032654c171894cfd2a64efb4b3fb9262b615f298ce16038
                • Opcode Fuzzy Hash: 59f13f9855c4184c7143a9e73e0d0617b7b3defcdeb4266658d08c70ab8efa93
                • Instruction Fuzzy Hash: E831D075E0021AABDB15DF98C944BAEB7F5EF48B40F4541A9E904AB244D770ED40CBA4
                Function 01A7483A Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2de0796583e72460bb6c625acc6f6838c19c44b69fd4a1901a860cafbd4bedc1
                • Instruction ID: 451718ba4cb543f736eb65d3a5ad922654db0d10b72f9fce38adc9ae1307bba3
                • Opcode Fuzzy Hash: 2de0796583e72460bb6c625acc6f6838c19c44b69fd4a1901a860cafbd4bedc1
                • Instruction Fuzzy Hash: C9313376A4012DABCB21DF54DD88BDEBBF9AB9C350F1540A5E508E7250DA30DE91CF90
                Function 019FEB20 Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 038c14c8ba283acaa74cc1523d1c887844be02fd9c2070ce9324bf8dbb5e05a4
                • Instruction ID: 8caae3532d56016c850b24f8f234828ef3e2d72fcfbf681d0d1b67e711848449
                • Opcode Fuzzy Hash: 038c14c8ba283acaa74cc1523d1c887844be02fd9c2070ce9324bf8dbb5e05a4
                • Instruction Fuzzy Hash: 7A31CB72D10219BFDB21DFA9CD44FAEB7F9EF44750F014469E51AD7260D6749E008BA0
                Function 01A960B8 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 041fbdd8f3ad1e630ac18c3da43d451f2ef478b1f84371a1b09d13abf6357912
                • Instruction ID: 0b04785f589751be3427f90fb2895d7dfc517ab709ebd48a339d558ac1f71ddb
                • Opcode Fuzzy Hash: 041fbdd8f3ad1e630ac18c3da43d451f2ef478b1f84371a1b09d13abf6357912
                • Instruction Fuzzy Hash: C73103B1A40302AFDF239FA9C950B6EB7F9AF84754F14406DE509DB352DA70DC418B90
                Function 019D07AF Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c53430c42f86c2f35bcf9bf46f9b156772e3f9e6919c62c27bb918114148f232
                • Instruction ID: e93d11a6445e4d0fc00592ffbcb145e32a7f6d3f6fcfd457ab8998c37e068b79
                • Opcode Fuzzy Hash: c53430c42f86c2f35bcf9bf46f9b156772e3f9e6919c62c27bb918114148f232
                • Instruction Fuzzy Hash: FC31D432E04716DBC712DE68C885E6BBBA5AFE4650F09892DFD5DA7310DA31DC0187E2
                Function 019D8550 Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e903b32b025ec5a2a191624a7112def43799d1838b172e744fda4f395ce34f6c
                • Instruction ID: 1b28dc8a091744a709b6aa640c8ad8284c34c6727c7ece102d4fef04eb6c335a
                • Opcode Fuzzy Hash: e903b32b025ec5a2a191624a7112def43799d1838b172e744fda4f395ce34f6c
                • Instruction Fuzzy Hash: EE316B716093019FE720CF19C840B2AFBE9FB98710F4989AEF98997251D770EC48CB91
                Function 01A0A6C7 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 63fd421210cc51790909d766df8ffe5d3d68f53f0b8462d9e850598f3d5d2a65
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: B3311072B00701AFE766CF6DDD41B57BBF8BB49750F14452DA59AC3691E630E900CB50
                Function 01A7EBD0 Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 783c306fbc2399887239a0a60b6a8c20b26d1757373412b507c3b680c45b9a01
                • Instruction ID: 7d31243f16b91c61df72cc09b6632f299bfcc7f47134ca40b7e5b195b98034d3
                • Opcode Fuzzy Hash: 783c306fbc2399887239a0a60b6a8c20b26d1757373412b507c3b680c45b9a01
                • Instruction Fuzzy Hash: 7D31BAB5509301DFCB22DF19C94486ABBF9FF89614F0589AEE4889B311E330DA45CBD2
                Function 019F438F Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eea215632dacc225cc90d934e29e34818f44d4f9b7a4e8902ddccc109abee75a
                • Instruction ID: 66579a52bf1a2f446cffc0d40b57c78b80dddebb4e0e9de8de471702b3bea0ec
                • Opcode Fuzzy Hash: eea215632dacc225cc90d934e29e34818f44d4f9b7a4e8902ddccc109abee75a
                • Instruction Fuzzy Hash: 0A31D431B00205AFD724EFA8C985B6FBBFAAB84704F00852DD609E7695D730E945CB91
                Function 019CCB7E Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: 0a92a9aef34dd1bfee5be3be96cf9933aac4607bf8a8a82ea4360d0f92b9a69b
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: 58210936E4025AAAD711DBB9C850BAFFBB5AF54740F058439DE59E7340E270D90087A1
                Function 019CC156 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2749e9729899e578fc92dfe917fa0fdafd72294424cd7ddb062842d86bcbcb6c
                • Instruction ID: 4ccc46fbcadd999e00b34bc2bcffa9b28176e40c259e2780c8820a7f5a126d97
                • Opcode Fuzzy Hash: 2749e9729899e578fc92dfe917fa0fdafd72294424cd7ddb062842d86bcbcb6c
                • Instruction Fuzzy Hash: CC3127B25002218BD731EF6CC844B7977B4AF90314F5481A9D98A9B382EE78D986CB90
                Function 01A8C3CD Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: 34ba62812c1fea987fe50f47f23d783afba41a4da611537bd8d0eabe755ce9c0
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 8721303660065276CB15BBD9CD04AFBBBB5EF40720F40801AFA9587597E634D990C770
                Function 019CE420 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e32f4d4177880163abbf9573b0d67e6a8632e499243e48a2f48937790c23b11
                • Instruction ID: 403f0c539a2a4fba0f5278d399b6f839ec1bb4baa3202908f4a77b01c438a671
                • Opcode Fuzzy Hash: 1e32f4d4177880163abbf9573b0d67e6a8632e499243e48a2f48937790c23b11
                • Instruction Fuzzy Hash: 5A31E831A0111C9BDB31DF18CC41FEEBBBDEB55F80F0104A9E68AA7290D6749E808F91
                Function 01A04588 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 040693dba01659cb80d74f69ee4f52703bad86b0f6d117d22b893802b19950f5
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: 4B217435A00605EBCB16CF99D980A9EBBB5FF4C714F108165EE159B281E671EE05CB90
                Function 01A044B0 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 685e3cdaec7984f99248eb88fed0790af83081ac3b33a52779d2887b650f11e7
                • Instruction ID: d9afbdfd959e9069a926783af68dcd03c8c3911893de9f83bf2f64e05e86697d
                • Opcode Fuzzy Hash: 685e3cdaec7984f99248eb88fed0790af83081ac3b33a52779d2887b650f11e7
                • Instruction Fuzzy Hash: 9521C5729047459BCB22DF28E580B6B77E4FF8C760F054519FE589B681D731ED018BA1
                Function 019CE388 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 7a997818371d9021889e3863e75ae311a5ad69b87fe4c82e9de4d8897fae6879
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: A431A931600605AFD721CBA8C984F6ABBF9FF85714F1049A9E546CB281E730EE01CB51
                Function 01A4E609 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 819f5c176d7b4fec98303109cf7c0ea9234e8595ba0e4a647d194a446c8c28cb
                • Instruction ID: d075281e8e55555deeeaf6f7a826a73f05b245315fb386091c5f00a463c1200a
                • Opcode Fuzzy Hash: 819f5c176d7b4fec98303109cf7c0ea9234e8595ba0e4a647d194a446c8c28cb
                • Instruction Fuzzy Hash: 26314979A00205DFCB18CF1CC8849AEB7B6FFC8304F19445AE8499B395E775AA50CB94
                Function 01A506F1 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df758dbb3cb66d7dfd05b9ad8ae3e1766bd210d372b22ae8ae155f5208a94ab1
                • Instruction ID: f559415164060262b8d629987f43b912e86bb305024dca72a20525c715f8b7b8
                • Opcode Fuzzy Hash: df758dbb3cb66d7dfd05b9ad8ae3e1766bd210d372b22ae8ae155f5208a94ab1
                • Instruction Fuzzy Hash: 1F21A075900629DBCF11DF59C981ABEB7F8FF48740B540069F941B7240D738AD42CBA0
                Function 01A5019F Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25af82cc06f13f0ee5f98c47bb135e1f49d0c154c51cf472d44f3fc396c3fa7d
                • Instruction ID: ca0f97e25dbc6d108955a7e9f587e3d0b0858a96be15a9f88b5207b0ec8bd4a1
                • Opcode Fuzzy Hash: 25af82cc06f13f0ee5f98c47bb135e1f49d0c154c51cf472d44f3fc396c3fa7d
                • Instruction Fuzzy Hash: 6E21BC71600605AFD716DB6DC944F6AB7F8FF88780F140069F908DB6A0D634ED40CB64
                Function 01A50283 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a902c2f7c16ecc39f685c1cc44759af1399e92df686b82bca06f3155f2e78fc
                • Instruction ID: fa81a834dbc52c2557c873200cda98b479137b481ae8570f5dcb8662b26acf9e
                • Opcode Fuzzy Hash: 6a902c2f7c16ecc39f685c1cc44759af1399e92df686b82bca06f3155f2e78fc
                • Instruction Fuzzy Hash: C221C5729083469FD721DF69DA48B5BBBECAFE0350F084456BE84C7252D734D944C7A1
                Function 019F2835 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eeb462ec98b679989ed23ef8baa74cfd8647431218a5c4ad32341e95e4cf9fd3
                • Instruction ID: d14ccd152b25883b120b4487926f66b9b0c587bdef0c95d912ba7029fcfeb3fc
                • Opcode Fuzzy Hash: eeb462ec98b679989ed23ef8baa74cfd8647431218a5c4ad32341e95e4cf9fd3
                • Instruction Fuzzy Hash: FE21F932605695ABE723976CCD08F243BD4AF85774F2803A8FA64DB6E2DB68C8418341
                Function 01A0A30B Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 520d1c5fa326189d87dc4693e09f3ed656fcb7a033191b74f7426b641598fc61
                • Instruction ID: e5c30ff7efd7511323f0aac92a2c44f97b3b6e1851c08ed85402da05393678af
                • Opcode Fuzzy Hash: 520d1c5fa326189d87dc4693e09f3ed656fcb7a033191b74f7426b641598fc61
                • Instruction Fuzzy Hash: F3217979610B01EFC726DF29C901B56B7F5BF48B04F24846CA509CBB61E371E942CB95
                Function 01A8A49A Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8e68f75527619704a5806b07846876df64e755aba22ae00174e12975a1aeaf3
                • Instruction ID: 845bff3bd28f6acbe0b6f9e58dcea0ff6f8bf30355007ed2088f2dca14adde5f
                • Opcode Fuzzy Hash: f8e68f75527619704a5806b07846876df64e755aba22ae00174e12975a1aeaf3
                • Instruction Fuzzy Hash: A6112C72340B117FE7266669DC01F27B699DBD5B60F554029B708DB190EB70DC0187A5
                Function 01A50946 Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0bf8bddd55245936c617a7a1b02bf5015e8e0408c012d77397a9311224cdf84e
                • Instruction ID: 2db0fb92555b46b242c99b2ec337325a62b762d8f346d031332cc46a7fa5915b
                • Opcode Fuzzy Hash: 0bf8bddd55245936c617a7a1b02bf5015e8e0408c012d77397a9311224cdf84e
                • Instruction Fuzzy Hash: 4B2107B1E00249ABCB10DFAAD9819AEFBF8FF98B00F10012EE409A7344D6709941CB54
                Function 01A680A8 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 237b5b4b710aa62bdf3c401a83ad8fd65d4d1823a2248eb0e1d36f0c46b236a0
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: A0218C72A00309EFDF129F98CC44BAEBBBDEF88310F214859F915A7251D738D9508B50
                Function 01A00124 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: d00bdc005dea3067041f1ab256909b2fec5e5627f9f6daba6d66b3ec71fb53cc
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: 1911E272600705BFE7239B54EE40F9ABBB9EB80794F114029F6048B1D0D671ED44CB60
                Function 019D8770 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 44b9d7b2bf59d79d5c1911f08b1209fabeb9cae9d6a5ce0322bb3f4d4e75a888
                • Instruction ID: 37c44ffa11cacce2efb56006bc27d1904ff3b1fcd7c594a81afd61711ea86406
                • Opcode Fuzzy Hash: 44b9d7b2bf59d79d5c1911f08b1209fabeb9cae9d6a5ce0322bb3f4d4e75a888
                • Instruction Fuzzy Hash: EB1182357016119BDB12CF4EC5C0A66BBEDAF8AB51B1AC06DEE0D9F206D6B2D9018790
                Function 01A0AAEE Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: 9d6559615a5421ee0a854c2af0b96c5c8fc09fc7a0a3f6117deb806525aabbfe
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: 7021A972A40B01DFD7228F5DE544B26BBF6EB96B10F14897DE94A87650C730EC01CB80
                Function 019D80E9 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e80761fd0c378ffcef3f7c449a99b6efaa2026803bd1d4f17984d802f850f391
                • Instruction ID: 470a7ca7afb8da916717858eb54264f3e376bae7e4bc308f822b26d0b5bbaf2c
                • Opcode Fuzzy Hash: e80761fd0c378ffcef3f7c449a99b6efaa2026803bd1d4f17984d802f850f391
                • Instruction Fuzzy Hash: FE218175A00205DFCB14CFA8C581A6EBBF5FB89318F24856DD109A7351DB71AD0ACBD0
                Function 01A0674D Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82c2409dd5b2b8db206096bc09cfd9f9b2a08691eda3661152e87b4e4f2b1c0b
                • Instruction ID: ea509106c5413e4a6baf4f489e552202749d5fe4052af10761ddb1dae3c7a7aa
                • Opcode Fuzzy Hash: 82c2409dd5b2b8db206096bc09cfd9f9b2a08691eda3661152e87b4e4f2b1c0b
                • Instruction Fuzzy Hash: 44218C75600A00EFD7228F69D880B66B7F8FF84754F04882DE59EC7290DA30B960CBA0
                Function 019FE8C0 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 11acd3fceeac27af8560858e1adb25178c0e4e9a2d4c2d470f7e13b3786df21f
                • Instruction ID: 7772396c947d3047b678f9c8b228c55d2bf971b4ae73661069624e5f1a144943
                • Opcode Fuzzy Hash: 11acd3fceeac27af8560858e1adb25178c0e4e9a2d4c2d470f7e13b3786df21f
                • Instruction Fuzzy Hash: 85114C327041106FCB1ACB28CC44A6B725BEFD5774B25492DEA2A8B390E9308C11C390
                Function 01A66870 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 104c5eddd385ed6fffca2b341a3f7d89d4506b66ac8e82092b3b8dae1e5e0fb1
                • Instruction ID: ace444bd8ba4d6c049dc2fff02a43ff0772993ba51c7b46f5c2c23135bc0d879
                • Opcode Fuzzy Hash: 104c5eddd385ed6fffca2b341a3f7d89d4506b66ac8e82092b3b8dae1e5e0fb1
                • Instruction Fuzzy Hash: 7A11C133240604EFD723DBA9C940F9A77ACEB95650F014028F619DB260DA70E901CBD0
                Function 01A066B0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b33007999ccd1e4a72e620407e65f477063625c19a4e13478596029d11ba3be
                • Instruction ID: 4c6a388670ba95ac0b979fee561b35ebd5df4000f957af13ad6897d8ed0e1ef2
                • Opcode Fuzzy Hash: 6b33007999ccd1e4a72e620407e65f477063625c19a4e13478596029d11ba3be
                • Instruction Fuzzy Hash: 0A11CE76A01205EFCB27CF5DE584A5ABBF8AF84714B054079D90DAB350F670DD10CB90
                Function 01A9A8E4 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: 7993502d200042cec4338bca6721a7838a33e1f956e51fae29f48e8b45e120f4
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: 5411C436A00919AFDF19CB58C805B9EBBF5FF84210F058269EC55E7380E675BE51CB80
                Function 019D0AD0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction ID: 32ed25ea1e9db02218970c171b6a852573e1253bb40d4eee54a0b381f90af310
                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction Fuzzy Hash: 2E2108B5A00B059FD3A0CF29C540B52BBF4FB48710F10892EE98AC7B50E371E814CB90
                Function 01A5E7E1 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: 67f3cb620a41ef006853308fb936db9d8ccd5642b6c0cf48a868c3cf48717db9
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: C711C232604601FFE7629F49C844B56FBE6EFA5754F09842DEE099B260DB31DE40DB90
                Function 019F27ED Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c59ca253e1e57d81c1daeb26deb52ca3f6583e60562c46b48d8b6ea0925e89db
                • Instruction ID: 2d8ee4f2509134785da32cbfa05bb064eb8ea74dfe249e5de0936edc8f4dc8f6
                • Opcode Fuzzy Hash: c59ca253e1e57d81c1daeb26deb52ca3f6583e60562c46b48d8b6ea0925e89db
                • Instruction Fuzzy Hash: 7E01D631705685BFE316A36ED858F277B9DEFC4795F0540A9FA49CB291DA24DC00C362
                Function 019D4690 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2be9f5a278bd70298100ca0a338325d92943fa88acecdb9bba02678ac4e1c535
                • Instruction ID: eef45cd9808cfe5c2d5e328fbb1fd43dbb44130d6970fd16f9554127a03f692d
                • Opcode Fuzzy Hash: 2be9f5a278bd70298100ca0a338325d92943fa88acecdb9bba02678ac4e1c535
                • Instruction Fuzzy Hash: EE112536340654AFDB25CF59C940F567BA8EB85B65F028119F90C8BA50C370E800CFA0
                Function 01A06620 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4876abd49901d6d4d4ac78b0556feb2ecf6abf7c95e5a09d9f6309e89c582491
                • Instruction ID: 26b6171920f87fe864fa5f6b654bfb75f2a97bdb37d580575954ee051d4ed404
                • Opcode Fuzzy Hash: 4876abd49901d6d4d4ac78b0556feb2ecf6abf7c95e5a09d9f6309e89c582491
                • Instruction Fuzzy Hash: F011C272A00715ABDB26EF59DDC0B5EFBB8EF84744F550459DA09A7240D730AD118B60
                Function 019FEA2E Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e47d03032d181e30acb53a36202ede21f7300a763afd4806e0d3f9cc91ad33d5
                • Instruction ID: 79cb640e2a819ecf533f53fad32517b814dc8725774862aa1b09223f5312ff13
                • Opcode Fuzzy Hash: e47d03032d181e30acb53a36202ede21f7300a763afd4806e0d3f9cc91ad33d5
                • Instruction Fuzzy Hash: E8019275A00209AFC726DB19D448F26BBF9EBD5715F25817EF1098B260C770ED46CB90
                Function 019FE53E Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: 30e51edde26439c59d45d54d41aa71b8eeba0b1544b59ce46ed0fd068044ccca
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: 1A110C71A116C6AFEB23971CC948B257BD4FB80748F1A04E5FE45C7692F328C942C352
                Function 01A5E75D Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 6edfb5f3deac750a57f6bcff1ece0dfa92000fe9dbc5b02662610630e7fc9706
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: B301F532608505AFE7619F58CD04F5AFBA9EF81754F098024EE099B261E771DE40C790
                Function 019CA250 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: c3adb2a9d8c9b5bb58700d62d88dead8e0be2da35eca94732076d8ff0de57542
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: CE0126314047399BDB318F19D840A327BFAEF55B65700892DFCD98B281E335D400CB61
                Function 01A4E1D0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18601032f69ef66cd04958f281890093496d72cc557c121a3293505786e1b2ad
                • Instruction ID: a4fd658940cd31dd1a97771cf4d3b92e6ead4a85613f98593b47cf54da9c67d9
                • Opcode Fuzzy Hash: 18601032f69ef66cd04958f281890093496d72cc557c121a3293505786e1b2ad
                • Instruction Fuzzy Hash: D011C032241641EFDB16EF19CD91F16BBB8FF94B54F2400A9FA099B661C235ED01CB90
                Function 019D6259 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 30681fa6fbe672290937443b7d641af408dd05165a7a286ab56ad5b6291c0eaa
                • Instruction ID: d3b38a3347bb0fd687330fa0126bfd76eca6022a911beb5ecc1090ac17f926f3
                • Opcode Fuzzy Hash: 30681fa6fbe672290937443b7d641af408dd05165a7a286ab56ad5b6291c0eaa
                • Instruction Fuzzy Hash: B7117C70545229ABDB25EF64CE42FE9B3B8BF44710F6081D5A319E61E0DB709E85CF84
                Function 01A06DA0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                • Instruction ID: 0399cb9e6b2220bfc115a3b6f13d958ddd71f1c25cff000697681440976e1524
                • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                • Instruction Fuzzy Hash: 5301D8B160435567EF269B59E804B9B7FA9DB80B54F154019AA0E5B2C0D774DCA0C3E1
                Function 019D208A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: 50490cdb96dbfa82888b667156e2ae845c7e6343fdea87ee3b1e4c180ec9701b
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 060128326002108FEF118B2DD880F62B76BBFC4700F5585A9ED098F246DA71CC81C790
                Function 01A56050 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18ba03fbdc49d772021ff53dd81844352b5b7d2e26a3809875b58c721432cb95
                • Instruction ID: ee98550270f911cd45930b478f1ae27c7503923fc7c5e555a28700b1c803c815
                • Opcode Fuzzy Hash: 18ba03fbdc49d772021ff53dd81844352b5b7d2e26a3809875b58c721432cb95
                • Instruction Fuzzy Hash: E7111B76900119ABCB12DB94CC84DEFB77CEF48258F044166E906E7211EA34AA55CBA0
                Function 01A66500 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 27f8c42d45116d5ad4c1f458db53df5149713c13123b2dad9488fffbf769567e
                • Instruction ID: 6d705a623a31c8470187b468f7b55f09a06932c3eeeaa05e2f4220ce92292429
                • Opcode Fuzzy Hash: 27f8c42d45116d5ad4c1f458db53df5149713c13123b2dad9488fffbf769567e
                • Instruction Fuzzy Hash: 5211C4366441469FD711CF68D801BA6FBB9FB9A314F088159E849CB325D732EC85CBA1
                Function 01A5C810 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f3a3d2f4173b6cc3683498baf8e11b1acb08062c56805b1789fa24da73a078a
                • Instruction ID: 7596dff6dc5f33df92acfb6cdd1ada262bb13c2efee14ab5896a14a0151d4b15
                • Opcode Fuzzy Hash: 9f3a3d2f4173b6cc3683498baf8e11b1acb08062c56805b1789fa24da73a078a
                • Instruction Fuzzy Hash: 121118B1A002199FCB00DFA9D541AAEBBF8FF58350F14406AA905E7355D674EA018BA4
                Function 01A7EA60 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8904debffc31af38d2f597a784e8f116081cfa30fd400344529b202893c448b
                • Instruction ID: 3a126170b3f3ae3f7be6d9ddd1bbd8794843c45457ea6265fa5822c3a07857df
                • Opcode Fuzzy Hash: e8904debffc31af38d2f597a784e8f116081cfa30fd400344529b202893c448b
                • Instruction Fuzzy Hash: B501B1325402119FCB33BB19C948966BBF9FF91A52F0584AEE5495B211CB60DD41CB91
                Function 01A120F0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49056dcf8ffabeed2aacaeea19d37e5cb878c0bbcbf795f1690ea9b9d21174a6
                • Instruction ID: 76e1217a47f26865721323b06dd62b1fd5a17c3090bbddd25076f7b1763cda17
                • Opcode Fuzzy Hash: 49056dcf8ffabeed2aacaeea19d37e5cb878c0bbcbf795f1690ea9b9d21174a6
                • Instruction Fuzzy Hash: 83116D75A0024DEFCB15DF68C951BAE7BB9EB88350F104059E9069B254D735EE11CB90
                Function 019CC020 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: eab097f5502248144a5e3cb7cd038dacbbe006add5f0e64c4a0452910afcb10b
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 8E01B532100B45AFEF22DAAED900EA7BBEDFFC5614F05481DE68A8B541DAB0F541C761
                Function 01A0E5CF Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 35c2b3845406aa011173b648e4448c178678c18a1e5f032637712f22fff55cd1
                • Instruction ID: 68f1ccb3bddb00fd94a7d4a92d34be4a3b930e0e348deb784421b18a696df1ad
                • Opcode Fuzzy Hash: 35c2b3845406aa011173b648e4448c178678c18a1e5f032637712f22fff55cd1
                • Instruction Fuzzy Hash: EC018471601601BBD312AB79CD44E57B7ECFFD8A54B000529B50D83651DB64EC11C6A0
                Function 01A669C0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c798aba697e039f161454c9c32a3013d34eb42cd204cde763f48bb590cffc541
                • Instruction ID: d4f3ef0a561435762bf9807e9d052953bd7a158b2aaca38c1ec31fd83e559a4a
                • Opcode Fuzzy Hash: c798aba697e039f161454c9c32a3013d34eb42cd204cde763f48bb590cffc541
                • Instruction Fuzzy Hash: 3B01FC32214206DBC324DF7EC94896BFBBCFF98660F154129E95D87280E7309901C7D1
                Function 01A5C460 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c84fdfbcc45bb2e1870fbe7a483253fefd6c2063cb5690a5fcb8661b43e99d45
                • Instruction ID: 5c1efd6e2f80e2c069160d801c26477d1c54543227ae6bdfdd5422f8e2a4c5ac
                • Opcode Fuzzy Hash: c84fdfbcc45bb2e1870fbe7a483253fefd6c2063cb5690a5fcb8661b43e99d45
                • Instruction Fuzzy Hash: 3E115B75A0024DEBDF15EF68C944EAE7BB9EB48354F004059BD0197349DA35EA11CB90
                Function 01A5C97C Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fae6687c93d13d1844877532a674ce3c3ffc96caca6298a597d7406eee3e07fd
                • Instruction ID: 12aeda2848d3a680bbb2ec81b99496b31df534875d07cbf07ecd6699693f57db
                • Opcode Fuzzy Hash: fae6687c93d13d1844877532a674ce3c3ffc96caca6298a597d7406eee3e07fd
                • Instruction Fuzzy Hash: 371179B1608309DFC710DF69C54295BBBF8EF98320F00451AB998D7394E630E900CBA2
                Function 01AA4A80 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction ID: 87d650311e28b87b470cce027fc34562f742768c6d5963772a1f9507ad317d60
                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction Fuzzy Hash: 0B01D432200B059FE7259B69D854F96BBEAFBCA610F4C4819F6428B650DBF0F880C794
                Function 01A5CA11 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c7d35eb24c480a82acb7c893686e30a6b018167b1acd8151fd7a6548423fb76
                • Instruction ID: 22c38ddac7bfb264f5db80be41ae7085e4dabf975d093af493fbfde4e0bad2d8
                • Opcode Fuzzy Hash: 8c7d35eb24c480a82acb7c893686e30a6b018167b1acd8151fd7a6548423fb76
                • Instruction Fuzzy Hash: D21179B16083089FC700DF69C54195BBBE8FF99360F00851ABA98D73A4E630E900CBA2
                Function 019EE016 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: 246218093b38f4ca1228bcd69c7aeb2ab4e7a2a3cbe1b0bc05419fa293505c40
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: 790178322086949FE327871DCA4CF777BECEB88B55F0904A5F909CB6A2D638DD40C621
                Function 019C826B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a398a52acb0cde3cb7c3df00cb54b88c9b8d837f877102a8fa9f6525d60f53b
                • Instruction ID: 43e89009acd1ba8215a55c718e971b0525cec257e53d4abf7f10aacfa5602e9c
                • Opcode Fuzzy Hash: 5a398a52acb0cde3cb7c3df00cb54b88c9b8d837f877102a8fa9f6525d60f53b
                • Instruction Fuzzy Hash: E101F771700605EFD714DB69D918ABEB7AEFF80A60B15402DDD06A7780EE30ED02C291
                Function 01A7EB50 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 647e192b0bc7282de8a283a1545ffae5321dd81f6f7b8720a141dda75b6ad2b4
                • Instruction ID: 733ad036df666cf6aa4c9107fec58520188fa88de076f1fd15959e13d9b178d5
                • Opcode Fuzzy Hash: 647e192b0bc7282de8a283a1545ffae5321dd81f6f7b8720a141dda75b6ad2b4
                • Instruction Fuzzy Hash: E401A272240701AFD3329B19DD44F52BEB8EF95F50F11842EB20A9F3A0D6B0D9418B54
                Function 019D2582 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc8ab805363c9c27e2de07eada95adc47da0ab687088b9dad29b025195cf0c50
                • Instruction ID: 8ca4d30f81d2d5bb3f128e4e5fb04b74be2967d399216aca6733bc1867e1d3ce
                • Opcode Fuzzy Hash: cc8ab805363c9c27e2de07eada95adc47da0ab687088b9dad29b025195cf0c50
                • Instruction Fuzzy Hash: B7F0F932641710B7C732DB5ACC44F577FADEBC4A90F018028E60A97640C630ED01CAA0
                Function 019FC073 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: 67169e545b3ad8540e338e4777a01a60145d9f661978d5524f2b9f3333742b56
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: 91F0A4B2600615ABD324CF4DD840E57F7EEDBD1A90F058128A609C7220E631DD05CB50
                Function 019CC310 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: 6b63b1988d14d0b09bf27e1908ff05c68dffa10f3cff7372cdd609069a7a843d
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: DCF021332446339BD732565D9840F2BAE998FD1E64F19003DF24E9B204C964DD0257E3
                Function 01A0CA6F Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction ID: c3c971f23f67d22426c40d81c48161dc62531444968d97cdb8176ddc532695bf
                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction Fuzzy Hash: B901F4326006859BD323976DE909F59BBE9EF81764F0C81E5FA048B6A2D77DC980C210
                Function 01AA61E5 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3bd80cfd0355468a9abf15582085aa4d221da51d115085dfaf8acec97c9f1092
                • Instruction ID: 82e0a2d72356ee8d03456311f5098a7213b27c295ebe42236a3ee510fc9d2e8b
                • Opcode Fuzzy Hash: 3bd80cfd0355468a9abf15582085aa4d221da51d115085dfaf8acec97c9f1092
                • Instruction Fuzzy Hash: 0B014F71E00249DFDB04DFA9D545AEEBBF8BF58310F14405AE505A7380D774EA01CBA4
                Function 01A5A4B0 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ecc30ccd35af531c766d3c012caf3b9076be86f16a89009e6815f6d4b0717bc
                • Instruction ID: a9bf83bc0edee6923ec37ad1db2fcf52e7b9335a25d22ecf6a112b0f05e1af46
                • Opcode Fuzzy Hash: 3ecc30ccd35af531c766d3c012caf3b9076be86f16a89009e6815f6d4b0717bc
                • Instruction Fuzzy Hash: 40018536204209AFCF129F94D844EDA3F66FB4C768F068201FE1966220C732E971EB81
                Function 019CC0F0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23eb2fdbd73b855a34ff8fdb20cef47613eaa5e5d2433cb3e0430d232f5c079e
                • Instruction ID: 110162abf9e7311cadb72c2a485eb9b39b8031ddc5018e5d4f172b5b0ba92b76
                • Opcode Fuzzy Hash: 23eb2fdbd73b855a34ff8fdb20cef47613eaa5e5d2433cb3e0430d232f5c079e
                • Instruction Fuzzy Hash: 93F0F0712043415BF218965A8C02F327ADAF7C4B52F69806EEB8D8B281E971D8018396
                Function 01A0656A Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00c3add5d407fd6bcc0f4747207a31e9ea59b4a8eac5f9fcdcf2e2540cbc806b
                • Instruction ID: 90d1864fde11902824e7bd3c35c56eb21dcee1b56e95143e0199971d96e3ac0f
                • Opcode Fuzzy Hash: 00c3add5d407fd6bcc0f4747207a31e9ea59b4a8eac5f9fcdcf2e2540cbc806b
                • Instruction Fuzzy Hash: 6101AF706047859FF3239B3CDE48B253BE8BB88B08F4C0190BA059BAD6E729F4428610
                Function 01A7437C Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: 7d09e3b273c34de4f2e4b2edb224640431bc32b0b7b885b5e9c45b8705d5d751
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: EEF0E936345E1357E736AB2D9C20B3AB6959FD4A00B05052C960DCB6C0DF20DD009790
                Function 01A5C89D Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ea34f592209921a51b9a0321e415125e724dba15398e01ff6d2ed0c09c01356
                • Instruction ID: 22743473e20b1cbc61ebf48b69c22fcc3d4ee4b75a79b6f7d06c56d273ca6f2e
                • Opcode Fuzzy Hash: 8ea34f592209921a51b9a0321e415125e724dba15398e01ff6d2ed0c09c01356
                • Instruction Fuzzy Hash: 4AF0C2706093049FC310EF28C546A2BB7E8FF98720F40465ABC98DB398E634EA01C796
                Function 01A5E872 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction ID: b93674f0f018bd449aad0278c7742fb5e6d7a9b8ec5cfe0b8e974c88f2c4e238
                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction Fuzzy Hash: 3EF05433B195519BD3629B4DCC80F16F7B8AFD5A60F190065AE099B660C770ED1187D0
                Function 01A00854 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: 7e00cd3a12d43d1da3d55e00088863cd2d8d71591412b5a5c35a76d483a76967
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: 85F02472600200AFF316DB21CD04F56B6E9FF99340F188078A544C71A0FAB0EE00C654
                Function 0040AA86 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2302720727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_400000_wN7EPNiHSM.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14e7f06b814caee567c152a8af13d6254212ff5d26f3838a7bba3a4efd16b11c
                • Instruction ID: fc16cbaa5a542503e1a7dd2e9938927c6a2fd267ce64b47daeb517aea2116c85
                • Opcode Fuzzy Hash: 14e7f06b814caee567c152a8af13d6254212ff5d26f3838a7bba3a4efd16b11c
                • Instruction Fuzzy Hash: FCF0596392D65683EF11C93899E86D16F519BA372432C0F69C8C0A32C6D2219565CA5A
                Function 01A5C912 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8924a0b175ba4fa067d71196ec5f3f7fcd211434803970299ca08ac941de769
                • Instruction ID: 1fb9754f630ce3c5e213a3335178df509d23fbbec8e99a03f0d33635a06dad12
                • Opcode Fuzzy Hash: c8924a0b175ba4fa067d71196ec5f3f7fcd211434803970299ca08ac941de769
                • Instruction Fuzzy Hash: F3F06274A0124DDFCB04EF69C615A6EB7F8FF58300F008055B955EB389DA38EA01CB54
                Function 019D47FB Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7105d4b6d44a6cb99f3438050c224804fedfa3735888f71c3282f5a40d2a03b2
                • Instruction ID: d79a8d23812008a759697d037f644c2e844cf5acf013ddac72c1e15a885477a1
                • Opcode Fuzzy Hash: 7105d4b6d44a6cb99f3438050c224804fedfa3735888f71c3282f5a40d2a03b2
                • Instruction Fuzzy Hash: 88F0B4319167E19FE732CB9CC049F61BBDC9B006A1F08C96AD54DC7D02C774D880CA52
                Function 01A90115 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b69394d456ad238d9874ff449af8cc9ca112ddd2b8bb01a0162622818135fc18
                • Instruction ID: c22d570f821edd0e16d66f48633c131ef5e3cac91147daca4d7be8b1c64a1c72
                • Opcode Fuzzy Hash: b69394d456ad238d9874ff449af8cc9ca112ddd2b8bb01a0162622818135fc18
                • Instruction Fuzzy Hash: 36F027EE4167810ECF32AB2C66502D17FA8A741550F291049D4A8D7305C67488C3C320
                Function 01A0C5ED Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6c3015665bb8a91cdbbed5a0328dd669e3f4471bbe18941f38ebf126826cf5e
                • Instruction ID: 1c48447a547a9251fa2c8df9b95e5248937f07c45e61d5b005721c5e8f7275f8
                • Opcode Fuzzy Hash: d6c3015665bb8a91cdbbed5a0328dd669e3f4471bbe18941f38ebf126826cf5e
                • Instruction Fuzzy Hash: 41F052714026809FE333875CE908B11BBE4AB007B0F0CB6A1D806C3186C360F880CA40
                Function 01A12619 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: 14f2caa0c4b491a48d287b58a3907f4ae99617567fd02ba540076e32707591db
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 71E0D8323006016BE7129F59CDC4F5777AEDFD2B14F15047EB5045F295C9E2DC0986A4
                Function 01A66030 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: d1e543c6045974f97523753eb6cf45966ba1f98754ac246b895b0e45816a14aa
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 1BF01C72104204AFE3218F09D944B92BBFCEB45365F56C039E6099B561D379EC40CBA4
                Function 019D0710 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: 162aeae0505ce24a1ced9e244774c29d36fa706026dbffbb5b2a0577073021e3
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: 20F0E5392043559BDB16DF5AC440AA57BE4FB45350F054494F85A8F311E731EA81CB90
                Function 01A049D0 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: c9c55366610211ae8ad05810a3195053c1fc91e397bf24d3dccfd29696bb7bea
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: 22E0D832244145AFD7232A59E804B667FA5FBD87A0F160429E7048B1D0DB74DCC0D7D8
                Function 01A7678E Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: fb0c1e2d4b4ef26ce3320648b65967e5c8b9e250a19de0c2b21f147d129dfafc
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 91E0D833600510BBEB229759CD05F9ABEADDB94F90F050054B604D70D0D530DE04D690
                Function 01AA08C0 Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction ID: 47c3c6cc89aa0560d05797adcc0f1572f7b4cf02b466b530eeda0ddbb224b2d0
                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction Fuzzy Hash: 5DE09B316403509BCB268B2DC240A53B7E8DFA9660F55806DE90547612C331F842C6D4
                Function 019D25E0 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1e9621770e95ee4c3940e00f6465787d9f56dc5e683bf0cad6b1681267027987
                • Instruction ID: f4c51a8dec35cf19828335aabc189e2f57bd38bcb861c82b27aa0f0051f87d4b
                • Opcode Fuzzy Hash: 1e9621770e95ee4c3940e00f6465787d9f56dc5e683bf0cad6b1681267027987
                • Instruction Fuzzy Hash: 22E09232100A549BC322FB2ADD01F9A77AAEFA0760F114515B11957190CA30A910C794
                Function 01A8A456 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: d19c2e61d72dda740760aa2f4c0d13d0c6212ade401ec7187a019fed586a03bf
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: D1E09231010A11DFEB327F2ED908B527BE1BF90711F148C2EA19A024F1C775D8D0CA40
                Function 01A54000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 2ea5a4e5c1a0685183668dfdd27eac26322c8c89728429a0823ece3b46a5f866
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 9CE0C2343043058FE755CF19C044B627BB6BFD9A20F28C068A9488F209EB36E882CB40
                Function 01A0CA38 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 231d90a4d2b58e04b4a032ffc92b1095ea5a0f0982d95425d8e9cdfb81285d83
                • Instruction ID: 13b5fedf0ac835acf67d6984c4339497343d7492c2d30a4683d9129ee1e35f36
                • Opcode Fuzzy Hash: 231d90a4d2b58e04b4a032ffc92b1095ea5a0f0982d95425d8e9cdfb81285d83
                • Instruction Fuzzy Hash: 88D0C2328810207ACB27E219BC08FA32A9B9B80330F0648A0F108920A5D524CCC182D4
                Function 019C823B Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: 7fd52534fdad8e0f142b4c7694efcb84f94a586348d2488ce0fd9745cc5f18e3
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 61E08C31404A20EFDB322F29DD08F5176A6FB94F90F20482EE08A1A0A88670A881DA65
                Function 019D2050 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25cf2eb460afcd4294fbad8cd20d00c905e66cd970c6e1e336fb980638ab3c45
                • Instruction ID: 79e28e0b0965c5b5c485a28b88de5879cedca6e44f0ee143f328f73c23778e0f
                • Opcode Fuzzy Hash: 25cf2eb460afcd4294fbad8cd20d00c905e66cd970c6e1e336fb980638ab3c45
                • Instruction Fuzzy Hash: 03E0C2321005506BC312FB5EDD00F5A739EEFE4660F004121F15987694CA30ED01C794
                Function 01A08A90 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: e7c64e4115b485b0adfe7322a691e4c2a6c55d16f88f1055140e20cd20dc4edd
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: 0EE08633511A1487C729DE18D511B7277A4EF45720F09463EA613477C1C534E544C798
                Function 01A26AA4 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: 4685b1e2437bf77a398a1944909ccf84c0ab11afda68abbb7e9b7985cf5bd579
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 38D05E36511A50AFC3329F1BEA04D13BBF9FBC4A10705066EE94A83920C670E806CBA0
                Function 01A0E59C Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: 9df039b464ff1b976bbce8221027b642d40654b5cdbe1a2c828cba41aa6fb759
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: E3D0A932614A20ABD732AA1CFC04FC333E8BB88724F160499B009C7050C360EC81CA84
                Function 01A4E908 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: f133d3b665eea75f8416d4a3db89e213eeb6394664a76d10f2750388251f6ff6
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: BBE0EC359506849BDF16DF59C644F5ABBF5BBD4B40F150458A5089B661C628E900CB40
                Function 019CA0E3 Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 0028fedbbe370b85749f61e6f5bc77e78f251400121e5a086f0ad0ee915083a8
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 9BD0223222603093CB299655AC04F636A09ABC1EE0F0A006C380F93800C0048C42C3E0
                Function 01A0A830 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: a33200c4a82aee261f1891fb215c6884b869e2098fef3eece88eb03a27697ffe
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: 47D012371E054DBBCB129F66DC01F957BA9E7A4BA0F444020B909875A0C63AE960D584
                Function 01A0CA24 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab3a3cc40d61fcec61b84f04dde372d0bccbf6ac007074135f1f1296ccac2ab6
                • Instruction ID: fcc9525469e77d1f2f90586f375afde46491bd5e9ebdfde0bc6af4a1cd63eea9
                • Opcode Fuzzy Hash: ab3a3cc40d61fcec61b84f04dde372d0bccbf6ac007074135f1f1296ccac2ab6
                • Instruction Fuzzy Hash: D2D05234A910028BDF2BCB88EA18A2A3AB1EB90640F4000A8EA0192121E328D8028A20
                Function 019E02A0 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: a28269fb01b0f7523f4fc309aaa119e2284b1cf8432a6104d4c5514376e438f0
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: E9D0C935312E80CFD61BCB0CC5A8B1533F8BB84B45F894490F445CBB22D66CD940CE00
                Function 01A0C700 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: b5a688173544c1fd971d739333f378d936c97ee034a99e3ea4734ff8c9e36da3
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: 4BC012322A0648AFC712AA99CD01F027BA9EBA8B40F000061F6098B670C631E920EA84
                Function 019F0310 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: ec3af2d5b24b329244cd678ef241ecd024ff8d004d8abae799c4d2078aaba494
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: EDD01236100249EFCB01DF41C890D9A772BFBD8710F148019FD19076118A71ED62DB50
                Function 019D0750 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: e2d6acd51271c911bdce7e1a30a842843f8f000fd9926f060a8d04ba24dd2c40
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: E3C04879701A468FDF16DB6ED298F5977E4FB88740F1508D0E809CBB22E624E981CA10
                Function 01AA4DAD Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                • Instruction ID: 2f24718f37a4badea1b98f29dacf6b6735039d24ce73ff91a84609769d3c428c
                • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                • Instruction Fuzzy Hash: E6B01232212545DFC7026720CB00B5836A9BF417C0F0900F4660489830D618C910E601
                Function 01A14340 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a3ffc2697202d694792fe6077befce8c4746b20c8159f1eeeb0e20062ebb96e
                • Instruction ID: fc0a4f2881b12e04eef405cfb700dd07ccabd0d03691fceadb6a6e9396209222
                • Opcode Fuzzy Hash: 5a3ffc2697202d694792fe6077befce8c4746b20c8159f1eeeb0e20062ebb96e
                • Instruction Fuzzy Hash: B7900231605810129140715C48855464045A7E0301F56C011F0424554CCE188A565361
                Function 01A14650 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29c6f2725fb970330c1dea2e231e14a0548d6ccf73e38100edb4f4717daafc75
                • Instruction ID: 6e039442860261d0049e0ee947e49f1616c05b55b675fb307b7b539754be5e7b
                • Opcode Fuzzy Hash: 29c6f2725fb970330c1dea2e231e14a0548d6ccf73e38100edb4f4717daafc75
                • Instruction Fuzzy Hash: 74900471701510434140715C4C054077045F7F13017D7C115F0554570CCF1CCD55D37D
                Function 01A12BA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 07c9f6f162c759d50bcb7965a7478ce140cfa11e0f6b6af12b7e7b91252a2798
                • Instruction ID: fba7e48a5bf14029dd30b8859f313e37a3817942048418855bacff8f2f47239a
                • Opcode Fuzzy Hash: 07c9f6f162c759d50bcb7965a7478ce140cfa11e0f6b6af12b7e7b91252a2798
                • Instruction Fuzzy Hash: 9090023160541802D150715C4415746004597D0301F56C011F0024654DCB598B5577A1
                Function 01A12B80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afe55e8dad4efdb20360f9f249354fff5a6945dd0972ce6c64340957ddfe08b2
                • Instruction ID: 6bd910a1c737f45d9588405c1d04ad27822f4bd5f66954f8c2c26c9ef126734a
                • Opcode Fuzzy Hash: afe55e8dad4efdb20360f9f249354fff5a6945dd0972ce6c64340957ddfe08b2
                • Instruction Fuzzy Hash: EC90023120141802D104715C4805686004597D0301F56C011F6024655EDA6989917231
                Function 01A12BE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28d0648a945eb590a3a997eee2f14eb5d8fccc6381083d5e5b7d4417c8b0791d
                • Instruction ID: cfb8622dc95684d6092bf8d0c00b9ed58d9d779a61f55e932b8716ad2e9f074b
                • Opcode Fuzzy Hash: 28d0648a945eb590a3a997eee2f14eb5d8fccc6381083d5e5b7d4417c8b0791d
                • Instruction Fuzzy Hash: 6F90023120545842D140715C4405A46005597D0305F56C011F0064694DDA298E55B761
                Function 01A12BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 92dedd6702eb8ad2caae876ab8f71e3ff27e88b093f6378cee5cf59b4ead6dde
                • Instruction ID: e0321f9a72b59e39f9df2f21ec1500eaacf6fb0962d4f700dc14f9a4f36017b4
                • Opcode Fuzzy Hash: 92dedd6702eb8ad2caae876ab8f71e3ff27e88b093f6378cee5cf59b4ead6dde
                • Instruction Fuzzy Hash: 5E90023120141802D180715C440564A004597D1301F96C015F0025654DCE198B5977A1
                Function 01A12AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc6f00c72a6a8dba32412eaa9336e114d07b188917990f4a0f8148e62a5cfb34
                • Instruction ID: ade9a265c4d91892c9d0df6b92b263c737fcefc551e73b9b36c11ecaf3dce877
                • Opcode Fuzzy Hash: bc6f00c72a6a8dba32412eaa9336e114d07b188917990f4a0f8148e62a5cfb34
                • Instruction Fuzzy Hash: 249002A1201550924500B25C8405B0A454597E0201F56C016F1054560CC92989519235
                Function 01A12AF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a7e3de754d0f6296115a81baf6ced98ff8bb682dc049cd9d181bcfc5c519f01
                • Instruction ID: d3bf75c02e9f0caa84550639d6f0783d4376a3c1e9a18fc561dad4a328e631dc
                • Opcode Fuzzy Hash: 4a7e3de754d0f6296115a81baf6ced98ff8bb682dc049cd9d181bcfc5c519f01
                • Instruction Fuzzy Hash: 24900225221410020145B55C060550B0485A7D6351796C015F1416590CCA2589655321
                Function 01A12AD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d72e97ccb07fd19ad8c488303fe99dae00dee62e2d62eb546cea2e8a6a41711
                • Instruction ID: 90e6df70d615d200e73efb95b91fc48b5f557ef9505b2199193e9cf564ee93dd
                • Opcode Fuzzy Hash: 0d72e97ccb07fd19ad8c488303fe99dae00dee62e2d62eb546cea2e8a6a41711
                • Instruction Fuzzy Hash: 07900435311410030105F55C070550700C7D7D5351757C031F1015550CDF35CD715331
                Function 01A12DB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9205ed9e4a61f54e1f860aa1bc23b530707369c245c388bb35961aa92667131d
                • Instruction ID: f32e5906bfd44787a3ffd78fbba5a1f87832a23ab147cc8be6d0501952ae94c7
                • Opcode Fuzzy Hash: 9205ed9e4a61f54e1f860aa1bc23b530707369c245c388bb35961aa92667131d
                • Instruction Fuzzy Hash: FC90023124141402D141715C44056060049A7D0241F96C012F0424554ECA598B56AB61
                Function 01A12DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7e01e8e5898797a2ac2b550f421316ffdf81120d38af183e153805c9866dd18
                • Instruction ID: 770607b89cb1d8e5cf1e2e9ab25005bd287fc59c147018fa187cabc64564a377
                • Opcode Fuzzy Hash: f7e01e8e5898797a2ac2b550f421316ffdf81120d38af183e153805c9866dd18
                • Instruction Fuzzy Hash: BE900221242451525545B15C44055074046A7E0241B96C012F1414950CC92A9956D721
                Function 01A12D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4746bbf8b64e6b262028aa86bf036786b36fe6f1a0e8198f280b3f29dedaa6e3
                • Instruction ID: 826481beae15e9936a3572c672128fd81ae513b99ff6451a9fb86bb23e1aa87b
                • Opcode Fuzzy Hash: 4746bbf8b64e6b262028aa86bf036786b36fe6f1a0e8198f280b3f29dedaa6e3
                • Instruction Fuzzy Hash: 0A90043130141003D140715C541D7074045F7F1301F57D011F0414554CDD1DCD575333
                Function 01A12D00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 75c481a6cca5fd0ab6368367e2aafa229a0fd164648080ad119f00324f18a7b7
                • Instruction ID: a82bf03dd9db71b6ba4ea4b61805fe300238a58e542b91503188afedf59a29cd
                • Opcode Fuzzy Hash: 75c481a6cca5fd0ab6368367e2aafa229a0fd164648080ad119f00324f18a7b7
                • Instruction Fuzzy Hash: D890022120545442D100755C5409A06004597D0205F56D011F1064595DCA398951A231
                Function 01A12D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b7b90f9d917314b54feec6deb1393c39ac5796fe6cee8b544da2d827f794319
                • Instruction ID: bc64aa762b1a8d8b5022ce0e3faced874df0ee9d6531e115b91ed1f636a00dbd
                • Opcode Fuzzy Hash: 3b7b90f9d917314b54feec6deb1393c39ac5796fe6cee8b544da2d827f794319
                • Instruction Fuzzy Hash: 9A90022921341002D180715C540960A004597D1202F96D415F0015558CCD1989695321
                Function 01A12CA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7b3c0c98597f21ba9864a60ec2a296f246198718688d9cd141983d4610d57dd
                • Instruction ID: aafaebe98ab865f26c8d3560bd1308562121a820fac448a59a9e333e02d131c2
                • Opcode Fuzzy Hash: c7b3c0c98597f21ba9864a60ec2a296f246198718688d9cd141983d4610d57dd
                • Instruction Fuzzy Hash: 5490023120141402D100759C5409646004597E0301F56D011F5024555ECA6989916231
                Function 01A12CF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0e6ecc2bb02f7dfbf1aacdad26f5d2cc419f6292fe1d3189e8d7baa1f86d17a
                • Instruction ID: f62dc6212c48e60b0185a2690bd3fb36149a448ca3c0a58988023f5a083983e0
                • Opcode Fuzzy Hash: b0e6ecc2bb02f7dfbf1aacdad26f5d2cc419f6292fe1d3189e8d7baa1f86d17a
                • Instruction Fuzzy Hash: 3290043130141403D100715C550D7070045D7D0301F57D411F043455CDDF5FCD517331
                Function 01A12CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2099fa2c5e721b6757ed6ef6b10a45d79dac611fa092adc70a7d675854df3eda
                • Instruction ID: 643aa390c5d55c63c6a195d6a2d9479fc3e44376b12c9af9e8ecb7cd2f339984
                • Opcode Fuzzy Hash: 2099fa2c5e721b6757ed6ef6b10a45d79dac611fa092adc70a7d675854df3eda
                • Instruction Fuzzy Hash: 1990043170541403D140715C541D7070055D7D0301F57D011F0034554DCF5DCF5577F1
                Function 01A12C60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e754e3809155f984e4f056472263e2db117a3ab65f5a6e9114cac744fa1af835
                • Instruction ID: 9829dd7daf4367e791ffd3cf1c1206ef04f7b2f9bc3b897fef47fec2c1ad659c
                • Opcode Fuzzy Hash: e754e3809155f984e4f056472263e2db117a3ab65f5a6e9114cac744fa1af835
                • Instruction Fuzzy Hash: 3790023120141842D100715C4405B46004597E0301F56C016F0124654DCA19C9517621
                Function 01A12FA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a97228bd1d06acf449f924fde5e160f25e1d78c5b418135fc35209c80f66952
                • Instruction ID: 52fb8ad2b7c9be93a6afa4aa0d5b1fdd3a6df24558d0445471dbe43797dfec30
                • Opcode Fuzzy Hash: 8a97228bd1d06acf449f924fde5e160f25e1d78c5b418135fc35209c80f66952
                • Instruction Fuzzy Hash: 6A90023120181402D100715C4809747004597D0302F56C011F5164555ECA69C9916631
                Function 01A12FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ac77a727269ea9b5a9cca6b511a181ad8eb0e7261587d357bc1796666c61afcc
                • Instruction ID: 2416565b4997bdf413c7acc7c098893cf8590a18b319b9fbea730f962c714536
                • Opcode Fuzzy Hash: ac77a727269ea9b5a9cca6b511a181ad8eb0e7261587d357bc1796666c61afcc
                • Instruction Fuzzy Hash: 08900221601410424140716C88459064045BBE1211B56C121F0998550DC95D89655765
                Function 01A12F90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02e1c56ef6d94188c5a6dc2371a96a44d21a4c4329997a6f076f46293a46951f
                • Instruction ID: 757211ee72f75a0d3459ea73c1df774060e782728bbab2e826ca1d360f03a45d
                • Opcode Fuzzy Hash: 02e1c56ef6d94188c5a6dc2371a96a44d21a4c4329997a6f076f46293a46951f
                • Instruction Fuzzy Hash: 1390023120181402D100715C481570B004597D0302F56C011F1164555DCA2989516671
                Function 01A12FE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51b97434bdd452f77618d8f5c1486ed7a99534ec7f81aec2a0b719466c6ee218
                • Instruction ID: a5e67eb1c5163bba4494b122da34881b852197f6589a49b66b98b2aa4f4f1adf
                • Opcode Fuzzy Hash: 51b97434bdd452f77618d8f5c1486ed7a99534ec7f81aec2a0b719466c6ee218
                • Instruction Fuzzy Hash: 60900221211C1042D200756C4C15B07004597D0303F56C115F0154554CCD1989615621
                Function 01A12F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9cf8e6ef86fd41119ec52dacca1c1d23b5d003aa3f9674becffec5d1c00965b2
                • Instruction ID: 6db034e412d4ba899734af5e20761986906b077fd12d1baa48b5918f2eee5dde
                • Opcode Fuzzy Hash: 9cf8e6ef86fd41119ec52dacca1c1d23b5d003aa3f9674becffec5d1c00965b2
                • Instruction Fuzzy Hash: CF90026134141442D100715C4415B060045D7E1301F56C015F1064554DCA1DCD526226
                Function 01A12F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88621316266c890bacf303aa01ecf0401e52cf4593b189b6ab021171f97b5e07
                • Instruction ID: 74b90cff64a902b4d74ff22b1581a5c2eb2ad6899bfdbb0a9170c3e5a37b7d16
                • Opcode Fuzzy Hash: 88621316266c890bacf303aa01ecf0401e52cf4593b189b6ab021171f97b5e07
                • Instruction Fuzzy Hash: 2990047131141043D104715C440570700C5D7F1301F57C013F3154554CCD3DCD715335
                Function 01A12EA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cd111f96f201ad26e3a965c5466cf9a2983aa0d9ef45e3579ebe18e7cb175959
                • Instruction ID: 314ee54f617832f774cac92994b0029738a55e78c89a5912a50e2de1e1ef852a
                • Opcode Fuzzy Hash: cd111f96f201ad26e3a965c5466cf9a2983aa0d9ef45e3579ebe18e7cb175959
                • Instruction Fuzzy Hash: 7590047130141403D140715C44057470045D7D0301F57C011F5074554FCF5DCFD57775
                Function 01A12E80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfbc943052fcb55ded9a94633ff6369edd7f9d3cd70e2bb11e35c9869ff8d8e2
                • Instruction ID: 3b7d318d5064dfd4efbd1c23aafc8146f9f4f4d48695fd61c6a7b9baec3fa9fd
                • Opcode Fuzzy Hash: cfbc943052fcb55ded9a94633ff6369edd7f9d3cd70e2bb11e35c9869ff8d8e2
                • Instruction Fuzzy Hash: 3090022160141502D101715C4405616004A97D0241F96C022F1024555ECE298A92A231
                Function 01A12EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4fa0069bdc4fcbe1e3e614b8c926d174412a22f8c38c9a059d7900f665cc51b6
                • Instruction ID: 52ef63162ec94b73908280b778e9fd3d014845f635a09b4dbbfd0074aad433d8
                • Opcode Fuzzy Hash: 4fa0069bdc4fcbe1e3e614b8c926d174412a22f8c38c9a059d7900f665cc51b6
                • Instruction Fuzzy Hash: 7F90026120181403D140755C4805607004597D0302F56C011F2064555ECE2D8D516235
                Function 01A12E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2a85c1ca4a4687ec8c3a50288172fc323b6fd641ea47fd5ea300b943b9ecf47
                • Instruction ID: 99a865f107ddf20b90f3d4d282dd2e0fe28b844146a218f37322ad228f8d8327
                • Opcode Fuzzy Hash: e2a85c1ca4a4687ec8c3a50288172fc323b6fd641ea47fd5ea300b943b9ecf47
                • Instruction Fuzzy Hash: 1D90022130141402D102715C44156060049D7D1345F96C012F1424555DCA298A53A232
                Function 01A13090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 676410da331512bd0951752249a1c05811fa354d23ff173ef2050abad66ee675
                • Instruction ID: 0e2d79448857559d4cb88a1adfe0cd786641b9cad91464c941836b638b535d1d
                • Opcode Fuzzy Hash: 676410da331512bd0951752249a1c05811fa354d23ff173ef2050abad66ee675
                • Instruction Fuzzy Hash: FE90022124141802D140715C84157070046D7D0601F56C011F0024554DCA1A8A6567B1
                Function 01A13010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21af0aea71ac2e9d1e228a8781609478148943dc078df0686af157652c9c996d
                • Instruction ID: 51430c34ba6ef01581c7930368c3e2d044393060fa32f546b53b6bef0e9de4f8
                • Opcode Fuzzy Hash: 21af0aea71ac2e9d1e228a8781609478148943dc078df0686af157652c9c996d
                • Instruction Fuzzy Hash: 4290022120185442D140725C4805B0F414597E1202F96C019F4156554CCD1989555721
                Function 01A139B0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec38dfdf4863d4bf4921dc8911603cba073251286a07eb9014e55cfd8bd03a22
                • Instruction ID: 61e7604a454f1a5b742f8bdb515767e0ec1210fc9062086ac33268efb1e3555e
                • Opcode Fuzzy Hash: ec38dfdf4863d4bf4921dc8911603cba073251286a07eb9014e55cfd8bd03a22
                • Instruction Fuzzy Hash: 5E90022124546102D150715C44056164045B7E0201F56C021F0814594DC95989556321
                Function 01A13D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ada4db7974c154924c3399057640e651e4c9094273534fc89c9685d272fa8bb
                • Instruction ID: ce92a28225be76946e531115ee90f4040f11455e3b9757cbc9f0af93487faea7
                • Opcode Fuzzy Hash: 5ada4db7974c154924c3399057640e651e4c9094273534fc89c9685d272fa8bb
                • Instruction Fuzzy Hash: 1B900231202411429540725C5805A4E414597E1302F96D415F0015554CCD1889615321
                Function 01A13D70 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ae52860214d9ecbd0909312d767c4d4f2d8f65755394e700414e96dab89c596
                • Instruction ID: 15b0083f7d1f46160f3c51215ef0efc3b766a8afeb1f9fa1fefc258a9fb43c7c
                • Opcode Fuzzy Hash: 8ae52860214d9ecbd0909312d767c4d4f2d8f65755394e700414e96dab89c596
                • Instruction Fuzzy Hash: AC90023520141402D510715C5805646008697D0301F56D411F0424558DCA5889A1A221
                Function 01A12C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: a97d8c90dfa3e1a9e16978671afeb0d1d11322fde2f13f2bf7548eaa18942065
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 01A12890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: f23705a2778caebd2fd550988282b2023890c7dd1cd6d94cb770af21aa92fb7b
                • Instruction ID: 9da5e5d859cf56466b34b19250f2271db6b829a39fec1365c4d9aaac5eaae8b1
                • Opcode Fuzzy Hash: f23705a2778caebd2fd550988282b2023890c7dd1cd6d94cb770af21aa92fb7b
                • Instruction Fuzzy Hash: B1510BB5A04116BFDB11DFACCA90A7EFBB8BB48240764C12AF4A9D7645D334DE0087E0
                Function 01A82410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 08aff5b2fb936f6d9d5ea1181f4ea51a87b418e1a59109a8e5056aecfe543498
                • Instruction ID: 3c78b6d5b3ea40d978aebea6979ff1535c6880f56baee148499fa5df3412e4d2
                • Opcode Fuzzy Hash: 08aff5b2fb936f6d9d5ea1181f4ea51a87b418e1a59109a8e5056aecfe543498
                • Instruction Fuzzy Hash: 54510775A40645AEDB34EF6CC990A7FBBF8EF44200B44846EE4D6D7642D674DA40C770
                Function 01A07630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                Download Yara Rule
                Strings
                • ExecuteOptions, xrefs: 01A446A0
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01A44725
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01A446FC
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01A44742
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01A44655
                • Execute=1, xrefs: 01A44713
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01A44787
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 11990e0af913ab8c30fee699b9cdb3bc76e1e185d037ea92ba38979d8ac0142a
                • Instruction ID: c95f8afdcc1bb63f5901dc6fc06aafa82f499b5e1f293fa0fe32bcfed6f516ce
                • Opcode Fuzzy Hash: 11990e0af913ab8c30fee699b9cdb3bc76e1e185d037ea92ba38979d8ac0142a
                • Instruction Fuzzy Hash: 65512971600219ABEF12EBE9ED95FBE77B8AF58340F1400A9E606A71C1D770AA458F50
                Function 01A1B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 121c87826b776d0e8638f422f1d1dab56420ac38766706c5f75dfe37fda1e304
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 8E81CE70E062498EEF25CF6CC8907FEBBB2AF55720F1C451AE861A7299C7348840CB71
                Function 01A820E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: 824a26d4c717123fb8a80a6b3253e4dfa87499fcf3fc74003e275e7ae974bddb
                • Instruction ID: 140028b690739e5b09da09d9e1f6765508f9a1cd656d1fdfa14e22a6cfed82f9
                • Opcode Fuzzy Hash: 824a26d4c717123fb8a80a6b3253e4dfa87499fcf3fc74003e275e7ae974bddb
                • Instruction Fuzzy Hash: E721627AA00219ABDB11EF79CD40BFEBBF9EF54650F54011AE905E3204E734DA11CBA1
                Function 019FF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                Download Yara Rule
                Strings
                • RTL: Re-Waiting, xrefs: 01A4031E
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01A402E7
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01A402BD
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 2a1a8000d2a09dcc020bda3e5b686c773cc47f981f3a84b396ee9533295d6612
                • Instruction ID: e112bce265f16297322733d104f6d013948d462378df7da773b32090b7c293b2
                • Opcode Fuzzy Hash: 2a1a8000d2a09dcc020bda3e5b686c773cc47f981f3a84b396ee9533295d6612
                • Instruction Fuzzy Hash: 82E1C072604741AFD725CF28C984B6ABBE4BF88714F140A5DF6A9CB2E1D774E844CB42
                Function 01A0BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                Download Yara Rule
                Strings
                • RTL: Re-Waiting, xrefs: 01A47BAC
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01A47B7F
                • RTL: Resource at %p, xrefs: 01A47B8E
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: fc56a1fe3f10a0a0c07c32a091f3e3973cb187708f3e76c613ccbb7370070659
                • Instruction ID: af80285f56fa0de73bac64e1eaad07de98a1d7a2bb596b1edbd2ac078dc702c1
                • Opcode Fuzzy Hash: fc56a1fe3f10a0a0c07c32a091f3e3973cb187708f3e76c613ccbb7370070659
                • Instruction Fuzzy Hash: E64124753047028FD726DF29DA40B6AB7E5EF88710F100A1DFA5ADB2C0DB31E8058BA1
                Function 01A0B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A4728C
                Strings
                • RTL: Re-Waiting, xrefs: 01A472C1
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01A47294
                • RTL: Resource at %p, xrefs: 01A472A3
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 2c6c65d682af8360955a972a0a4f8e856a9e17b45bb06ea4cb68cd028ca879d2
                • Instruction ID: b2e8eab188037a644119bf9472fd6e6ea6916661b579c0f29f005f9a27c1afb0
                • Opcode Fuzzy Hash: 2c6c65d682af8360955a972a0a4f8e856a9e17b45bb06ea4cb68cd028ca879d2
                • Instruction Fuzzy Hash: FE410E75700242AFC721CF69CE41B6ABBA5FB94710F140619F955EB280DB32F8568BE1
                Function 01A82300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: 809fc2e0eca5bf45a5ef1134209b374b7a761b4d02266dccac6b10598daa5fac
                • Instruction ID: c352495096973105c4bbf6720f3d234b094b8a7e0471636164e478c6c7c4f4bb
                • Opcode Fuzzy Hash: 809fc2e0eca5bf45a5ef1134209b374b7a761b4d02266dccac6b10598daa5fac
                • Instruction Fuzzy Hash: 32315476A002199FDB20EF2DCD50BFEB7F8EF54650F84455AE949E3240EB309A45CBA1
                Function 01A17D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: 00b67d8c1fb708fe9b4328deff444eb7c8b11b74cf7230780e1fbf007116c683
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 9991B171E0021A9AEB24CFADC880ABFBBB5AF44320F68551AE955E72C8D7349940CB51
                Function 019D9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 069c9fc34bb96864f3acd27c68c63dda1179f1a17b985ad296682d90f5bd555f
                • Instruction ID: 9039a424e9aa4c58d3df538349283c772b450d75f1d165bcd452734908ce2eb3
                • Opcode Fuzzy Hash: 069c9fc34bb96864f3acd27c68c63dda1179f1a17b985ad296682d90f5bd555f
                • Instruction Fuzzy Hash: 21810B75D002699BDB31DB64CC45BEAB7B8AF48714F0441EAAA1DB7280D7709E85CFA0
                Function 01A5CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                Download Yara Rule
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 01A5CFBD
                Strings
                Memory Dump Source
                • Source File: 00000004.00000002.2303321047.00000000019A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019A0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_4_2_19a0000_wN7EPNiHSM.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4rw@4rw
                • API String ID: 4062629308-2979693914
                • Opcode ID: f127826e4685a43c7dbe960c67c6ea3af221df5a3f146a9377991400717322ff
                • Instruction ID: 66f9f3e056eb82f7aa73769dd118eeccec379bff497d06a3803c62a2cebbbf08
                • Opcode Fuzzy Hash: f127826e4685a43c7dbe960c67c6ea3af221df5a3f146a9377991400717322ff
                • Instruction Fuzzy Hash: 3D41BE75904215EFDB229FA9C940AADBBF8FF54B20F04442EED06DB258D734C901CB61