
Windows Analysis Report
ztcrKv3zFz.exe

Overview

General Information

Sample name: ztcrKv3zFz.exe (renamed because original name is a hash value)
Original sample name: 2e0e7afdab8ca0ee49b2e3df7d9c8c3ff3f38d615fa114bd9dd06b8705842d5b.exe
Analysis ID: 1588229
MD5: 65181f8c69d2bee406d2e629424d2cb8
SHA1: 48c68f17a383fd6c1127fd680c5a8e7945874676
SHA256: 2e0e7afdab8ca0ee49b2e3df7d9c8c3ff3f38d615fa114bd9dd06b8705842d5b
Tags: exe, Formbook, user-adrian__luca
Infos:

Detection

FormBook
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ztcrKv3zFz.exe (PID: 7400 cmdline: "C:\Users\user\Desktop\ztcrKv3zFz.exe" MD5: 65181F8C69D2BEE406D2E629424D2CB8)
    • ztcrKv3zFz.exe (PID: 7804 cmdline: "C:\Users\user\Desktop\ztcrKv3zFz.exe" MD5: 65181F8C69D2BEE406D2E629424D2CB8)
    • ztcrKv3zFz.exe (PID: 7816 cmdline: "C:\Users\user\Desktop\ztcrKv3zFz.exe" MD5: 65181F8C69D2BEE406D2E629424D2CB8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
5.2.ztcrKv3zFz.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.ztcrKv3zFz.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

          AV Detection

          Source: ztcrKv3zFz.exe, Virustotal: Detection: 58%
          Source: ztcrKv3zFz.exe, ReversingLabs: Detection: 86%
          Source: Yara match, File source: 5.2.ztcrKv3zFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.ztcrKv3zFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: ztcrKv3zFz.exe, Joe Sandbox ML: detected
          Source: ztcrKv3zFz.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: ztcrKv3zFz.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wCLu.pdbSHA256V source: ztcrKv3zFz.exe
          Source: Binary string: wntdll.pdbUGP source: ztcrKv3zFz.exe, 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wCLu.pdb source: ztcrKv3zFz.exe
          Source: Binary string: wntdll.pdb source: ztcrKv3zFz.exe, ztcrKv3zFz.exe, 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp
          Source: global traffic, TCP traffic: 192.168.2.11:51745 -> 1.1.1.1:53
          Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: ztcrKv3zFz.exe, 00000000.00000002.3181579475.00000000025D1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

          E-Banking Fraud

          Source: Yara match, File source: 5.2.ztcrKv3zFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.ztcrKv3zFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_0042CCB3 NtClose,5_2_0042CCB3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_010B2DF0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_010B2C70
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B35C0 NtCreateMutant,LdrInitializeThunk,5_2_010B35C0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B4340 NtSetContextThread,5_2_010B4340
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B4650 NtSuspendThread,5_2_010B4650
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2B60 NtClose,5_2_010B2B60
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2B80 NtQueryInformationFile,5_2_010B2B80
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2BA0 NtEnumerateValueKey,5_2_010B2BA0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2BE0 NtQueryValueKey,5_2_010B2BE0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2BF0 NtAllocateVirtualMemory,5_2_010B2BF0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2AB0 NtWaitForSingleObject,5_2_010B2AB0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2AD0 NtReadFile,5_2_010B2AD0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2AF0 NtWriteFile,5_2_010B2AF0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2D00 NtSetInformationFile,5_2_010B2D00
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2D10 NtMapViewOfSection,5_2_010B2D10
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2D30 NtUnmapViewOfSection,5_2_010B2D30
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2DB0 NtEnumerateKey,5_2_010B2DB0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2DD0 NtDelayExecution,5_2_010B2DD0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2C00 NtQueryInformationProcess,5_2_010B2C00
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2C60 NtCreateKey,5_2_010B2C60
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2CA0 NtQueryInformationToken,5_2_010B2CA0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2CC0 NtQueryVirtualMemory,5_2_010B2CC0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2CF0 NtOpenProcess,5_2_010B2CF0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2F30 NtCreateSection,5_2_010B2F30
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2F60 NtCreateProcessEx,5_2_010B2F60
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2F90 NtProtectVirtualMemory,5_2_010B2F90
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2FA0 NtQuerySection,5_2_010B2FA0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2FB0 NtResumeThread,5_2_010B2FB0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2FE0 NtCreateFile,5_2_010B2FE0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2E30 NtWriteVirtualMemory,5_2_010B2E30
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2E80 NtReadVirtualMemory,5_2_010B2E80
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2EA0 NtAdjustPrivilegesToken,5_2_010B2EA0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B2EE0 NtQueueApcThread,5_2_010B2EE0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B3010 NtOpenDirectoryObject,5_2_010B3010
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B3090 NtSetValueKey,5_2_010B3090
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B39B0 NtGetContextThread,5_2_010B39B0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B3D10 NtOpenProcessToken,5_2_010B3D10
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010B3D70 NtOpenThread,5_2_010B3D70
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: String function: 010C7E54 appears 108 times
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: String function: 010FF290 appears 105 times
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: String function: 010EEA12 appears 86 times
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: String function: 010B5130 appears 58 times
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: String function: 0106B970 appears 280 times
          Source: ztcrKv3zFz.exe, 00000000.00000002.3183000004.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameArthur.dll" vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000002.3183000004.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000000.1334828299.0000000000182000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamewCLu.exeJ vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000002.3180528923.000000000083E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000002.3186558999.0000000008A20000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000002.3183000004.00000000035D1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameArthur.dll" vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000000.00000002.3185705639.0000000006D20000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameArthur.dll" vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, 00000005.00000002.1935767401.000000000116D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, Binary or memory string: OriginalFilenamewCLu.exeJ vs ztcrKv3zFz.exe
          Source: ztcrKv3zFz.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engine, Classification label: mal68.troj.evad.winEXE@5/1@0/0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ztcrKv3zFz.exe.log
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Mutant created: NULL
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
          Source: ztcrKv3zFz.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown, Process created: C:\Users\user\Desktop\ztcrKv3zFz.exe "C:\Users\user\Desktop\ztcrKv3zFz.exe"
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Process created: C:\Users\user\Desktop\ztcrKv3zFz.exe "C:\Users\user\Desktop\ztcrKv3zFz.exe"
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Process created: C:\Users\user\Desktop\ztcrKv3zFz.exe "C:\Users\user\Desktop\ztcrKv3zFz.exe"
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: version.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: dwrite.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: ztcrKv3zFz.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: ztcrKv3zFz.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: ztcrKv3zFz.exe, Static PE information: 0xB9F48759 [Sat Nov 10 21:59:53 2068 UTC]
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 0_2_06D51F8F push ebp; retn 0000h 0_2_06D51FEC
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_0040D8D0 pushad ; iretd 5_2_0040D8D1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_004031B0 push eax; ret 5_2_004031B2
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_0040D3DE pushad ; retf 5_2_0040D3DF
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_00414C77 push es; iretd 5_2_00414C79
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_00415DE9 push ebp; iretd 5_2_00415E4B
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_0040E61C push es; retf 5_2_0040E61D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_00405F99 push edi; retf 5_2_00405F9A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Code function: 5_2_010709AD push ecx; mov dword ptr [esp], ecx 5_2_010709B6
          Source: ztcrKv3zFz.exe, Static PE information: section name: .text entropy: 7.623766480078115
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: BA0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: 25D0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: 2500000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: 8BF0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: 9BF0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: 9E10000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: AE10000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Code function: 5_2_010B096E rdtsc 5_2_010B096E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Thread delayed: delay time: 240000
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe API coverage: 0.6 %
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe TID: 7436 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe TID: 7420 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe TID: 7436 Thread sleep time: -240000s >= -30000s
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe TID: 7820 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Code function: 5_2_00417D83 LdrLoadDll, 5_2_00417D83
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Code function: 5_2_01130115 mov eax, dword ptr fs:[00000030h] 5_2_01130115
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01078550 mov eax, dword ptr fs:[00000030h]5_2_01078550
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A656A mov eax, dword ptr fs:[00000030h]5_2_010A656A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A656A mov eax, dword ptr fs:[00000030h]5_2_010A656A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A656A mov eax, dword ptr fs:[00000030h]5_2_010A656A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A4588 mov eax, dword ptr fs:[00000030h]5_2_010A4588
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01072582 mov eax, dword ptr fs:[00000030h]5_2_01072582
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01072582 mov ecx, dword ptr fs:[00000030h]5_2_01072582
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE59C mov eax, dword ptr fs:[00000030h]5_2_010AE59C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F05A7 mov eax, dword ptr fs:[00000030h]5_2_010F05A7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F05A7 mov eax, dword ptr fs:[00000030h]5_2_010F05A7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F05A7 mov eax, dword ptr fs:[00000030h]5_2_010F05A7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010945B1 mov eax, dword ptr fs:[00000030h]5_2_010945B1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010945B1 mov eax, dword ptr fs:[00000030h]5_2_010945B1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE5CF mov eax, dword ptr fs:[00000030h]5_2_010AE5CF
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE5CF mov eax, dword ptr fs:[00000030h]5_2_010AE5CF
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010765D0 mov eax, dword ptr fs:[00000030h]5_2_010765D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA5D0 mov eax, dword ptr fs:[00000030h]5_2_010AA5D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA5D0 mov eax, dword ptr fs:[00000030h]5_2_010AA5D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010725E0 mov eax, dword ptr fs:[00000030h]5_2_010725E0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC5ED mov eax, dword ptr fs:[00000030h]5_2_010AC5ED
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC5ED mov eax, dword ptr fs:[00000030h]5_2_010AC5ED
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E5E7 mov eax, dword ptr fs:[00000030h]5_2_0109E5E7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A8402 mov eax, dword ptr fs:[00000030h]5_2_010A8402
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A8402 mov eax, dword ptr fs:[00000030h]5_2_010A8402
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A8402 mov eax, dword ptr fs:[00000030h]5_2_010A8402
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0106C427 mov eax, dword ptr fs:[00000030h]5_2_0106C427
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0106E420 mov eax, dword ptr fs:[00000030h]5_2_0106E420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0106E420 mov eax, dword ptr fs:[00000030h]5_2_0106E420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0106E420 mov eax, dword ptr fs:[00000030h]5_2_0106E420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F6420 mov eax, dword ptr fs:[00000030h]5_2_010F6420
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA430 mov eax, dword ptr fs:[00000030h]5_2_010AA430
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0112A456 mov eax, dword ptr fs:[00000030h]5_2_0112A456
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AE443 mov eax, dword ptr fs:[00000030h]5_2_010AE443
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109245A mov eax, dword ptr fs:[00000030h]5_2_0109245A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0106645D mov eax, dword ptr fs:[00000030h]5_2_0106645D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FC460 mov ecx, dword ptr fs:[00000030h]5_2_010FC460
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109A470 mov eax, dword ptr fs:[00000030h]5_2_0109A470
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109A470 mov eax, dword ptr fs:[00000030h]5_2_0109A470
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109A470 mov eax, dword ptr fs:[00000030h]5_2_0109A470
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0112A49A mov eax, dword ptr fs:[00000030h]5_2_0112A49A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010764AB mov eax, dword ptr fs:[00000030h]5_2_010764AB
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A44B0 mov ecx, dword ptr fs:[00000030h]5_2_010A44B0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FA4B0 mov eax, dword ptr fs:[00000030h]5_2_010FA4B0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010704E5 mov ecx, dword ptr fs:[00000030h]5_2_010704E5
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC700 mov eax, dword ptr fs:[00000030h]5_2_010AC700
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01070710 mov eax, dword ptr fs:[00000030h]5_2_01070710
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A0710 mov eax, dword ptr fs:[00000030h]5_2_010A0710
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC720 mov eax, dword ptr fs:[00000030h]5_2_010AC720
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC720 mov eax, dword ptr fs:[00000030h]5_2_010AC720
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A273C mov eax, dword ptr fs:[00000030h]5_2_010A273C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A273C mov ecx, dword ptr fs:[00000030h]5_2_010A273C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A273C mov eax, dword ptr fs:[00000030h]5_2_010A273C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EC730 mov eax, dword ptr fs:[00000030h]5_2_010EC730
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A674D mov esi, dword ptr fs:[00000030h]5_2_010A674D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A674D mov eax, dword ptr fs:[00000030h]5_2_010A674D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A674D mov eax, dword ptr fs:[00000030h]5_2_010A674D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FE75D mov eax, dword ptr fs:[00000030h]5_2_010FE75D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01070750 mov eax, dword ptr fs:[00000030h]5_2_01070750
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F4755 mov eax, dword ptr fs:[00000030h]5_2_010F4755
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B2750 mov eax, dword ptr fs:[00000030h]5_2_010B2750
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B2750 mov eax, dword ptr fs:[00000030h]5_2_010B2750
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01078770 mov eax, dword ptr fs:[00000030h]5_2_01078770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01080770 mov eax, dword ptr fs:[00000030h]5_2_01080770
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0111678E mov eax, dword ptr fs:[00000030h]5_2_0111678E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010707AF mov eax, dword ptr fs:[00000030h]5_2_010707AF
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_011247A0 mov eax, dword ptr fs:[00000030h]5_2_011247A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107C7C0 mov eax, dword ptr fs:[00000030h]5_2_0107C7C0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F07C3 mov eax, dword ptr fs:[00000030h]5_2_010F07C3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010927ED mov eax, dword ptr fs:[00000030h]5_2_010927ED
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010927ED mov eax, dword ptr fs:[00000030h]5_2_010927ED
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010927ED mov eax, dword ptr fs:[00000030h]5_2_010927ED
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FE7E1 mov eax, dword ptr fs:[00000030h]5_2_010FE7E1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010747FB mov eax, dword ptr fs:[00000030h]5_2_010747FB
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010747FB mov eax, dword ptr fs:[00000030h]5_2_010747FB
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE609 mov eax, dword ptr fs:[00000030h]5_2_010EE609
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B2619 mov eax, dword ptr fs:[00000030h]5_2_010B2619
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A6620 mov eax, dword ptr fs:[00000030h]5_2_010A6620
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A8620 mov eax, dword ptr fs:[00000030h]5_2_010A8620
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107262C mov eax, dword ptr fs:[00000030h]5_2_0107262C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0108E627 mov eax, dword ptr fs:[00000030h]5_2_0108E627
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0108C640 mov eax, dword ptr fs:[00000030h]5_2_0108C640
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA660 mov eax, dword ptr fs:[00000030h]5_2_010AA660
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA660 mov eax, dword ptr fs:[00000030h]5_2_010AA660
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0113866E mov eax, dword ptr fs:[00000030h]5_2_0113866E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0113866E mov eax, dword ptr fs:[00000030h]5_2_0113866E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A2674 mov eax, dword ptr fs:[00000030h]5_2_010A2674
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01074690 mov eax, dword ptr fs:[00000030h]5_2_01074690
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01074690 mov eax, dword ptr fs:[00000030h]5_2_01074690
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC6A6 mov eax, dword ptr fs:[00000030h]5_2_010AC6A6
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A66B0 mov eax, dword ptr fs:[00000030h]5_2_010A66B0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA6C7 mov ebx, dword ptr fs:[00000030h]5_2_010AA6C7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA6C7 mov eax, dword ptr fs:[00000030h]5_2_010AA6C7
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE6F2 mov eax, dword ptr fs:[00000030h]5_2_010EE6F2
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE6F2 mov eax, dword ptr fs:[00000030h]5_2_010EE6F2
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE6F2 mov eax, dword ptr fs:[00000030h]5_2_010EE6F2
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE6F2 mov eax, dword ptr fs:[00000030h]5_2_010EE6F2
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F06F1 mov eax, dword ptr fs:[00000030h]5_2_010F06F1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F06F1 mov eax, dword ptr fs:[00000030h]5_2_010F06F1
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE908 mov eax, dword ptr fs:[00000030h]5_2_010EE908
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EE908 mov eax, dword ptr fs:[00000030h]5_2_010EE908
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FC912 mov eax, dword ptr fs:[00000030h]5_2_010FC912
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01068918 mov eax, dword ptr fs:[00000030h]5_2_01068918
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01068918 mov eax, dword ptr fs:[00000030h]5_2_01068918
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F892A mov eax, dword ptr fs:[00000030h]5_2_010F892A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0110892B mov eax, dword ptr fs:[00000030h]5_2_0110892B
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F0946 mov eax, dword ptr fs:[00000030h]5_2_010F0946
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01144940 mov eax, dword ptr fs:[00000030h]5_2_01144940
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B096E mov eax, dword ptr fs:[00000030h]5_2_010B096E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B096E mov edx, dword ptr fs:[00000030h]5_2_010B096E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010B096E mov eax, dword ptr fs:[00000030h]5_2_010B096E
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01114978 mov eax, dword ptr fs:[00000030h]5_2_01114978
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01114978 mov eax, dword ptr fs:[00000030h]5_2_01114978
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01096962 mov eax, dword ptr fs:[00000030h]5_2_01096962
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01096962 mov eax, dword ptr fs:[00000030h]5_2_01096962
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01096962 mov eax, dword ptr fs:[00000030h]5_2_01096962
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FC97C mov eax, dword ptr fs:[00000030h]5_2_010FC97C
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010829A0 mov eax, dword ptr fs:[00000030h]5_2_010829A0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010709AD mov eax, dword ptr fs:[00000030h]5_2_010709AD
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010709AD mov eax, dword ptr fs:[00000030h]5_2_010709AD
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F89B3 mov esi, dword ptr fs:[00000030h]5_2_010F89B3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F89B3 mov eax, dword ptr fs:[00000030h]5_2_010F89B3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010F89B3 mov eax, dword ptr fs:[00000030h]5_2_010F89B3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0113A9D3 mov eax, dword ptr fs:[00000030h]5_2_0113A9D3
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_011069C0 mov eax, dword ptr fs:[00000030h]5_2_011069C0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0107A9D0 mov eax, dword ptr fs:[00000030h]5_2_0107A9D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A49D0 mov eax, dword ptr fs:[00000030h]5_2_010A49D0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FE9E0 mov eax, dword ptr fs:[00000030h]5_2_010FE9E0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A29F9 mov eax, dword ptr fs:[00000030h]5_2_010A29F9
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A29F9 mov eax, dword ptr fs:[00000030h]5_2_010A29F9
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FC810 mov eax, dword ptr fs:[00000030h]5_2_010FC810
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0111483A mov eax, dword ptr fs:[00000030h]5_2_0111483A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0111483A mov eax, dword ptr fs:[00000030h]5_2_0111483A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AA830 mov eax, dword ptr fs:[00000030h]5_2_010AA830
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov eax, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov eax, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov eax, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov ecx, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov eax, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01092835 mov eax, dword ptr fs:[00000030h]5_2_01092835
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01082840 mov ecx, dword ptr fs:[00000030h]5_2_01082840
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01074859 mov eax, dword ptr fs:[00000030h]5_2_01074859
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01074859 mov eax, dword ptr fs:[00000030h]5_2_01074859
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010A0854 mov eax, dword ptr fs:[00000030h]5_2_010A0854
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01106870 mov eax, dword ptr fs:[00000030h]5_2_01106870
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01106870 mov eax, dword ptr fs:[00000030h]5_2_01106870
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FE872 mov eax, dword ptr fs:[00000030h]5_2_010FE872
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FE872 mov eax, dword ptr fs:[00000030h]5_2_010FE872
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01070887 mov eax, dword ptr fs:[00000030h]5_2_01070887
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010FC89D mov eax, dword ptr fs:[00000030h]5_2_010FC89D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109E8C0 mov eax, dword ptr fs:[00000030h]5_2_0109E8C0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_011408C0 mov eax, dword ptr fs:[00000030h]5_2_011408C0
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC8F9 mov eax, dword ptr fs:[00000030h]5_2_010AC8F9
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010AC8F9 mov eax, dword ptr fs:[00000030h]5_2_010AC8F9
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0113A8E4 mov eax, dword ptr fs:[00000030h]5_2_0113A8E4
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_010EEB1D mov eax, dword ptr fs:[00000030h]5_2_010EEB1D
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01144B00 mov eax, dword ptr fs:[00000030h]5_2_01144B00
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109EB20 mov eax, dword ptr fs:[00000030h]5_2_0109EB20
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0109EB20 mov eax, dword ptr fs:[00000030h]5_2_0109EB20
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01138B28 mov eax, dword ptr fs:[00000030h]5_2_01138B28
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01138B28 mov eax, dword ptr fs:[00000030h]5_2_01138B28
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_0111EB50 mov eax, dword ptr fs:[00000030h]5_2_0111EB50
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exeCode function: 5_2_01142B57 mov eax, dword ptr fs:[00000030h]5_2_01142B57
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Memory written: C:\Users\user\Desktop\ztcrKv3zFz.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Process created: C:\Users\user\Desktop\ztcrKv3zFz.exe "C:\Users\user\Desktop\ztcrKv3zFz.exe"
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Process created: C:\Users\user\Desktop\ztcrKv3zFz.exe "C:\Users\user\Desktop\ztcrKv3zFz.exe"
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Users\user\Desktop\ztcrKv3zFz.exe VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\ztcrKv3zFz.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match File source: 5.2.ztcrKv3zFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 5.2.ztcrKv3zFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 5.2.ztcrKv3zFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 5.2.ztcrKv3zFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
          | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

          | Source | Detection | Scanner | Label |
          | ztcrKv3zFz.exe | 58% | Virustotal | |
          | ztcrKv3zFz.exe | 87% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
          | ztcrKv3zFz.exe | 100% | Joe Sandbox ML | |

          No Antivirus matches

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          | s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |

          | Name | Source | Malicious | Antivirus Detection | Reputation |
          | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ztcrKv3zFz.exe, 00000000.00000002.3181579475.00000000025D1000.00000004.00000800.00020000.00000000.sdmp | false | | high |

          No contacted IP infos

              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1588229
              Start date and time:2025-01-10 22:57:28 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 10s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:11
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:ztcrKv3zFz.exe
              renamed because original name is a hash value
              Original Sample Name:2e0e7afdab8ca0ee49b2e3df7d9c8c3ff3f38d615fa114bd9dd06b8705842d5b.exe
              Detection:MAL
              Classification:mal68.troj.evad.winEXE@5/1@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 96%
              • Number of executed functions: 129
              • Number of non-executed functions: 277
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 184.28.90.27, 52.149.20.212
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes were analyzed, report is missing behavior information
              No simulations
              No context

              Match: s-part-0017.t-0009.t-msedge.net

              | Associated Sample Name / URL | Detection | Threat Name | Context |
              | gH3LlhcRzg.exe | malicious | FormBook | 13.107.246.45 |
              | 3j7f6Bv4FT.exe | malicious | Unknown | 13.107.246.45 |
              | rComprobante_swift_8676534657698632.exe | malicious | AgentTesla | 13.107.246.45 |
              | 6ZoBPR3isG.exe | malicious | GuLoader, MassLogger RAT | 13.107.246.45 |
              | iRmpdWgpoF.exe | malicious | Unknown | 13.107.246.45 |
              | 7cYDC0HciP.exe | malicious | Unknown | 13.107.246.45 |
              | http://@1800-web.com/new/auth/6XEcGVvsnjwXq8bbJloqbuPkeuHjc6rLcgYUe/bGVvbi5ncmF2ZXNAYXRvcy5uZXQ= | malicious | Unknown | 13.107.246.45 |
              | 7cYDC0HciP.exe | malicious | Unknown | 13.107.246.45 |
              | 28uMwHvbTD.exe | malicious | AgentTesla | 13.107.246.45 |
              | https://services221.com/mm/ | malicious | HTMLPhisher | 13.107.246.45 |

              No context

              Process:C:\Users\user\Desktop\ztcrKv3zFz.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1415
              Entropy (8bit):5.352427679901606
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
              MD5:97AD91F1C1F572C945DA12233082171D
              SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
              SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
              SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
              Malicious:true
              Reputation:moderate, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.617246165582524
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:ztcrKv3zFz.exe
              File size:878'080 bytes
              MD5:65181f8c69d2bee406d2e629424d2cb8
              SHA1:48c68f17a383fd6c1127fd680c5a8e7945874676
              SHA256:2e0e7afdab8ca0ee49b2e3df7d9c8c3ff3f38d615fa114bd9dd06b8705842d5b
              SHA512:30a37abb898afcee98f22d199b95ed7c5ad958323ff318694b07629c440f583acc17109a9fd71f2b0912eab8be918a9bdb1ba944f7ee33e3aca033ae72b103ee
              SSDEEP:24576:08ozfXxFvW9rozgdvTH2XjPP8RQP3tgTYqwFO:DWS9r8gdvz2Xh9gTYX
              TLSH:0115E064776EDB06C5394BF00A71E2B823B96D5EF411D21B6DD97EEF3836B014A10A83
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y.................0..\...........{... ........@.. ....................................@................................
              Icon Hash:90cececece8e8eb0
              Entrypoint:0x4d7bba
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0xB9F48759 [Sat Nov 10 21:59:53 2068 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              push ebx
              add byte ptr [ecx+00h], bh
              jnc 00007FB764738632h
              je 00007FB764738632h
              add byte ptr [ebp+00h], ch
              add byte ptr [ecx+00h], al
              arpl word ptr [eax], ax
              je 00007FB764738632h
              imul eax, dword ptr [eax], 00610076h
              je 00007FB764738632h
              outsd
              add byte ptr [edx+00h], dh
              add byte ptr [eax], al

              | Name | Virtual Address | Virtual Size | Is in Section |
              | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd7b66 | 0x4f | .text |
              | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x5cc | .rsrc |
              | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc |
              | IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd556c | 0x70 | .text |
              | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
              | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
              | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
              | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

              | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
              | .text | 0x2000 | 0xd5be0 | 0xd5c00 | 85bb372e100f27a3ebe5de95104521c0 | False | 0.8365862573099415 | OpenPGP Public Key | 7.623766480078115 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
              | .rsrc | 0xd8000 | 0x5cc | 0x600 | b0c889cf4f114fd7e14defb7d6d0eda2 | False | 0.427734375 | data | 4.123888308467754 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
              | .reloc | 0xda000 | 0xc | 0x200 | f3d7ee1dbf376a01f4f69dd4b73d5694 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

              | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
              | RT_VERSION | 0xd8090 | 0x33c | data | | | 0.42995169082125606 |
              | RT_MANIFEST | 0xd83dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

              | DLL | Import |
              | mscoree.dll | _CorExeMain |

              | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
              | Jan 10, 2025 22:58:44.552489042 CET | 51745 | 53 | 192.168.2.11 | 1.1.1.1 |
              | Jan 10, 2025 22:58:44.557415009 CET | 53 | 51745 | 1.1.1.1 | 192.168.2.11 |
              | Jan 10, 2025 22:58:44.557514906 CET | 51745 | 53 | 192.168.2.11 | 1.1.1.1 |
              | Jan 10, 2025 22:58:44.562378883 CET | 53 | 51745 | 1.1.1.1 | 192.168.2.11 |
              | Jan 10, 2025 22:58:45.006983995 CET | 51745 | 53 | 192.168.2.11 | 1.1.1.1 |
              | Jan 10, 2025 22:58:45.013633966 CET | 53 | 51745 | 1.1.1.1 | 192.168.2.11 |
              | Jan 10, 2025 22:58:45.014311075 CET | 51745 | 53 | 192.168.2.11 | 1.1.1.1 |

              | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
              | Jan 10, 2025 22:58:44.550995111 CET | 53 | 63181 | 1.1.1.1 | 192.168.2.11 |

              | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
              | Jan 10, 2025 22:58:23.965912104 CET | 1.1.1.1 | 192.168.2.11 | 0x3a4d | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | Jan 10, 2025 22:58:23.965912104 CET | 1.1.1.1 | 192.168.2.11 | 0x3a4d | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false |


              Target ID:0
              Start time:16:58:26
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\ztcrKv3zFz.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\ztcrKv3zFz.exe"
              Imagebase:0x180000
              File size:878'080 bytes
              MD5 hash:65181F8C69D2BEE406D2E629424D2CB8
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:4
              Start time:16:58:44
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\ztcrKv3zFz.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\ztcrKv3zFz.exe"
              Imagebase:0x3c0000
              File size:878'080 bytes
              MD5 hash:65181F8C69D2BEE406D2E629424D2CB8
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:5
              Start time:16:58:44
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\ztcrKv3zFz.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\ztcrKv3zFz.exe"
              Imagebase:0x460000
              File size:878'080 bytes
              MD5 hash:65181F8C69D2BEE406D2E629424D2CB8
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1935670359.0000000000EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true


                Execution Graph

                Execution Coverage:9.6%
                Dynamic/Decrypted Code Coverage:98.5%
                Signature Coverage:0%
                Total number of Nodes:205
                Total number of Limit Nodes:12
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (o_q$4'_q$4'_q$4'_q
                • API String ID: 0-2845777604
                • Opcode ID: 4f6c50629ad96f4fc6816f761941c546577573020825d707a29ee5d8e448f5e0
                • Instruction ID: 110307030a36d8069a9a515c60270015996d1c41cf3412af791ebe82d0becd6c
                • Opcode Fuzzy Hash: 4f6c50629ad96f4fc6816f761941c546577573020825d707a29ee5d8e448f5e0
                • Instruction Fuzzy Hash: 4A43FA74A00219CFCB25DF28C988A9DBBB6BF99315F1585D9E419AB361CB31ED81CF40
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (o_q$(o_q$,cq$,cq$Hcq
                • API String ID: 0-4110691418
                • Opcode ID: 7c2b7d83dd4d409392bfe58d612367b1079117b966ca8a79a09d081a6b0f0a0f
                • Instruction ID: 93ac810cea02289b1854c9a48d620453f0a6c242320c49c5157ed2c4d06d7e48
                • Opcode Fuzzy Hash: 7c2b7d83dd4d409392bfe58d612367b1079117b966ca8a79a09d081a6b0f0a0f
                • Instruction Fuzzy Hash: 8A528034A00115DFCB19EF69C898A6EBBB6BF88315F158569F806DB364CB31EC41DB90

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: `Ycl$t^cl
                • API String ID: 0-2306952220
                • Opcode ID: 9f048fceabbd8e237533135f8cfebe90b935d9091f3baf7648e748da68246989
                • Instruction ID: 28c6edae0d854b446db908dfa3a7524e020e1c1e78bcde3c70ba7989d0ddd336
                • Opcode Fuzzy Hash: 9f048fceabbd8e237533135f8cfebe90b935d9091f3baf7648e748da68246989
                • Instruction Fuzzy Hash: D581D774E002099FDF18DFA9D994AEEBBB2FF88300F108529E415AB369DB345946CF50

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: `Ycl$t^cl
                • API String ID: 0-2306952220
                • Opcode ID: 78845b43c553c78ce71e6c66f45b37d8fe1c67128b47973206b11f92fce5529e
                • Instruction ID: 2924d9bcb267add0611255a40b809ef07a42256337756e818bf411c41f49f320
                • Opcode Fuzzy Hash: 78845b43c553c78ce71e6c66f45b37d8fe1c67128b47973206b11f92fce5529e
                • Instruction Fuzzy Hash: 9851FA70E012489FCB14DFA9D991AEEBBB2BF88300F108569E415AB269DB345D06CF50

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: 3d7481ba3676e124ef9ec2b23fa40efedabdb70c843e2c111b4e869652c271da
                • Instruction ID: cfa154d554602ba8ef1a3e40c1cd578354b259f5e04b549ddcf5e2bfab2b86df
                • Opcode Fuzzy Hash: 3d7481ba3676e124ef9ec2b23fa40efedabdb70c843e2c111b4e869652c271da
                • Instruction Fuzzy Hash: 9B62D074E01229CFDB25DF69C984BDDBBB2BB89302F1085E9E409A7255DB309E85CF50
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 385ec26aa99c1ddde0abd5a1749d88d6279c622866e365070d8a14973cc480b9
                • Instruction ID: 9f7decb16e88506d11d3721c81f49ddcc884d15078259ff88da85fe2d66fc38f
                • Opcode Fuzzy Hash: 385ec26aa99c1ddde0abd5a1749d88d6279c622866e365070d8a14973cc480b9
                • Instruction Fuzzy Hash: C2D1E1B0B00345AFDB26DBB5C8507AE7BF6AF89300F1485ADD086CB691DB74D901CB52
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6209fb30a55fc250453999acbe7729d69cd39544bc0d9d25f39cb6a646b87a4e
                • Instruction ID: 6f3e485b0ca554d8806e9302fea59886fb238f0fe2f2e7e7a6bf2e3766de334d
                • Opcode Fuzzy Hash: 6209fb30a55fc250453999acbe7729d69cd39544bc0d9d25f39cb6a646b87a4e
                • Instruction Fuzzy Hash: 3CA16036E0031A9FCB04DFA4D8949DDB7B6FF8A310F548615E516AB264DB30AD86CF50
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d4c13383459699b5eb97283c9d7364059f261b73dfa64171cd2af4bd872d7da
                • Instruction ID: 7bf0e85705d5e9090f8994864821269ba8be73f71ac8efb35a30c1c265ee0f9e
                • Opcode Fuzzy Hash: 7d4c13383459699b5eb97283c9d7364059f261b73dfa64171cd2af4bd872d7da
                • Instruction Fuzzy Hash: A7917136E0031A9FCB05DFA0D8949DDF7B6FF8A310B548615E516AB264EB30AD86CF50

                Control-flow Graph

                APIs
                • GetCurrentProcess.KERNEL32 ref: 00BBD5FE
                • GetCurrentThread.KERNEL32 ref: 00BBD63B
                • GetCurrentProcess.KERNEL32 ref: 00BBD678
                • GetCurrentThreadId.KERNEL32 ref: 00BBD6D1
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: 14229e239607bb73e0a60be6f79a3c99a043b7fbdcc46dcf6012d5be9b7d49ba
                • Instruction ID: 9139fc65c233f7643dc0dbe9a8163a9fc1b5ddf6ffe13dd6d5e9d3cce147071b
                • Opcode Fuzzy Hash: 14229e239607bb73e0a60be6f79a3c99a043b7fbdcc46dcf6012d5be9b7d49ba
                • Instruction Fuzzy Hash: E95135B09002499FDB54DFA9D648BEEBBF1FF48304F208459E019B7260D7749948CB65

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: 8cq$8cq$8cq
                • API String ID: 0-1458523781
                • Opcode ID: 0af0b6fe88076e2b91072bbf7bb5400cbe6de3740953f834ba22d7eae7c878a0
                • Instruction ID: 7220fe552558221d0105404e8158ea53d7dd3312ece6e227607f013b108d8fbb
                • Opcode Fuzzy Hash: 0af0b6fe88076e2b91072bbf7bb5400cbe6de3740953f834ba22d7eae7c878a0
                • Instruction Fuzzy Hash: F931B474E08285EFFF909B94C4645BE7776EBC5210F524016DE8BAFA85DA31C90287E2

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: 8$$_q$$_q
                • API String ID: 0-336898379
                • Opcode ID: e90c28b7b6ed9d07e336df8046199127eb47402567d8d576a86a6a0993664be5
                • Instruction ID: 59aa94aa9f899acfea010d072796578a18939c7c2cef90bf93e8d7c853f18094
                • Opcode Fuzzy Hash: e90c28b7b6ed9d07e336df8046199127eb47402567d8d576a86a6a0993664be5
                • Instruction Fuzzy Hash: FF01D670B40215DBFBA49B24CC6A7AA3772AB00704F5988569D46DEA81EAA4CD50C791

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (cq$Hcq
                • API String ID: 0-4250889185
                • Opcode ID: c659283f78f7dbf8b1e486187b460e0b26de5c88d4531b6eefa1cf97a3241904
                • Instruction ID: 5343b875c2ff0007d66b7b05aafc9a829fa41651ab7a61c0bcbee55b1796bd21
                • Opcode Fuzzy Hash: c659283f78f7dbf8b1e486187b460e0b26de5c88d4531b6eefa1cf97a3241904
                • Instruction Fuzzy Hash: 2C71C071A002188FDF54EF69D9447AEBBF6EFC8310F118429E805A7741DB399E09CBA5

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: $_q$$_q
                • API String ID: 0-458585787
                • Opcode ID: 192f2245c1783982ba4279db7eed462fdfe6dbb906ea7d1005e93e23e24f5654
                • Instruction ID: 408c7bee329e59eeba298d3ffbb75f01a963190bd6637f7b41c21a2ef48764db
                • Opcode Fuzzy Hash: 192f2245c1783982ba4279db7eed462fdfe6dbb906ea7d1005e93e23e24f5654
                • Instruction Fuzzy Hash: 2A01D830A0E351DFEBA5CB14D8146257FB5BB06344F0642EAD849CB952DB34C845D7EA
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070A5EB6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 7fdb0be3dc13afd49e18b188cd25521267dcccf6140865fb31cb7b52447c336f
                • Instruction ID: 81552bc91f7b70c3bcd1580a7121e65515d76ac4108291064cc23b67b76ac4ae
                • Opcode Fuzzy Hash: 7fdb0be3dc13afd49e18b188cd25521267dcccf6140865fb31cb7b52447c336f
                • Instruction Fuzzy Hash: 2AA16AB1D0021ADFDB20CFA8CC457EDBBF2BB48314F0482A9E818A7240DB749995CF91
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070A5EB6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 2efef770d17d300adc757a395ec13d600e3cb9e264a3009f70492a8dc69b344b
                • Instruction ID: 0c512402bc8c6068018343a4a0fc470e4b554b441d168650c97f0d2b9eed52fe
                • Opcode Fuzzy Hash: 2efef770d17d300adc757a395ec13d600e3cb9e264a3009f70492a8dc69b344b
                • Instruction Fuzzy Hash: BC916AB1D0021ADFDB64DFA8CC447EDBBF2BB48314F0486A9E819A7240DB749995CF91
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00BBB566
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 584f0c601977cb382acea3807800fcd574dc284690dd040f0d224ef49484c375
                • Instruction ID: fc3f1e33fb1408e8d4c39724f27a78e2e1afbd3295fe9f3cd892dad14fad9bd1
                • Opcode Fuzzy Hash: 584f0c601977cb382acea3807800fcd574dc284690dd040f0d224ef49484c375
                • Instruction Fuzzy Hash: 95712470A00B059FDB24DF29D451BAABBF1FF88304F10896DE48697B50D7B4E949CB91
                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056A1F02
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                • Opcode ID: 3ce109680a94422f216318cebd42f799f8d9a6345ed864ef210edc0c9e231110
                • Instruction ID: 31cdbff6f7f6543b6c01972861154c48d02aa311630d92f9d3416d48f03f2ee3
                • Opcode Fuzzy Hash: 3ce109680a94422f216318cebd42f799f8d9a6345ed864ef210edc0c9e231110
                • Instruction Fuzzy Hash: F151BDB1D003599FDB14CFA9C984ADEBBB5BF49310F64812AE819AB210D7709985CF90
                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056A1F02
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                • Opcode ID: 1ef18c33c38c1ad01144d22ea560a5a54019db5cd5dc526fa14b71919164023e
                • Instruction ID: 7d88e12d79c41e13406e43eb451962bf06e2a84a93006122e135517abcda1ed0
                • Opcode Fuzzy Hash: 1ef18c33c38c1ad01144d22ea560a5a54019db5cd5dc526fa14b71919164023e
                • Instruction Fuzzy Hash: 5441AEB1D003499FDB14CFA9C984ADEBBB5BF49310F64812AE819AB310D7719845CF90
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00BB59C9
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 77e79a311fd3c5c9a70331c886513691693987aa7e739a8aec420d595bc63c54
                • Instruction ID: 2bb7263bcb179fac945121c333baf4c549a6023607132eec54aa4ef2e5a9d0ab
                • Opcode Fuzzy Hash: 77e79a311fd3c5c9a70331c886513691693987aa7e739a8aec420d595bc63c54
                • Instruction Fuzzy Hash: 544100B0C00619CFDB24CFA9C8847DDBBF1BF49304F2080AAC448AB255DBB1994ACF50
                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 056A4471
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00BB59C9
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070A5A88
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0579F05F
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0579F05F
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070A5A88
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070A54A6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070A5B68
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070A5B68
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070A54A6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BBD84F
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070A59A6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070A59A6
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 070A82ED
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00BBB566
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 070A82ED
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (cq
                • API String ID: 0-301743287
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: %*&/)(#$^@!~-_
                • API String ID: 0-3325533558
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: %*&/)(#$^@!~-_
                • API String ID: 0-3325533558
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Te_q
                • API String ID: 0-823545363
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: $_q
                • API String ID: 0-238743419
                APIs
                • CloseHandle.KERNELBASE(?), ref: 0579D4D8
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                APIs
                • CloseHandle.KERNELBASE(?), ref: 0579D4D8
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: $_q
                • API String ID: 0-238743419
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: $_q
                • API String ID: 0-238743419
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: W
                • API String ID: 0-655174618
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: 3
                • API String ID: 0-1842515611
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: G
                • API String ID: 0-985283518
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: G
                • API String ID: 0-985283518
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d271ea171c09372161efd077c254182dfe4d7bcf21fea6274a548986b45360c2
                • Instruction ID: d035e8f11fed77de6d0c3d1ca537ec5348b7ed481aa69830fd9422c401470c04
                • Opcode Fuzzy Hash: d271ea171c09372161efd077c254182dfe4d7bcf21fea6274a548986b45360c2
                • Instruction Fuzzy Hash: B641F030E14215CFEF91CFA9C890AAEB7B1FF40301F49802BEA429BA45C735D905CB42
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 83287ace2e4ef8ea13c60a330ae696288573ff705bd66754a7954db28d4c35a9
                • Instruction ID: 9897b5dcb595174f4b7bb445ea54c0026995d2dda8aa3e0c305d2a0b8da8eed3
                • Opcode Fuzzy Hash: 83287ace2e4ef8ea13c60a330ae696288573ff705bd66754a7954db28d4c35a9
                • Instruction Fuzzy Hash: 6F417C75E006098FCF50DFA8C8849ADF7B1FF89310B118669E856BB715EB30E985CB90
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8dcaf56dee135c666ccf06f27e3338cc2e795032bb26a1e5077f1b09d8c88c0b
                • Instruction ID: 175070d6c350f4c54a45395bc82eed0b443ecc5ca8f3c336bf5c3056789a9aa7
                • Opcode Fuzzy Hash: 8dcaf56dee135c666ccf06f27e3338cc2e795032bb26a1e5077f1b09d8c88c0b
                • Instruction Fuzzy Hash: 87413470604184CFDF94DF58D45067ABBF2EB89314F95841AE8169BB61DB35DC42CBD0
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6b0ca5ab0d339073470881c13c1c9a6c871019a5890bc99f91850fa27d3d634
                • Instruction ID: a7c576e34ad59c9183f92ae50a78024e6a7b12d178164ffbd78eb4e5a05088bc
                • Opcode Fuzzy Hash: e6b0ca5ab0d339073470881c13c1c9a6c871019a5890bc99f91850fa27d3d634
                • Instruction Fuzzy Hash: A8411630A0C3918FDB05AF74D82856E7FB1ABC6210F2204A7DC87C7696DA388D45C7E2
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0307c934913f469927b64ceadbd20f141ba2e1c6e10d91504725b7d176b1dccb
                • Instruction ID: d70bceb321107926824d740cbf5fa549ace61420118f867bc06d98277d9708d8
                • Opcode Fuzzy Hash: 0307c934913f469927b64ceadbd20f141ba2e1c6e10d91504725b7d176b1dccb
                • Instruction Fuzzy Hash: 93318B71E10219EFDF14DFA8D944A9DBBB2FF89301F11826AE805AB264DB309845CB91
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d79419bfc683b1d5a62bfd1a287769175ff291c17e977f93fcc62b2d25391f2
                • Instruction ID: 640eb13f7de887181719113796c065b7f2f37da2437d36320272fbb3776505df
                • Opcode Fuzzy Hash: 4d79419bfc683b1d5a62bfd1a287769175ff291c17e977f93fcc62b2d25391f2
                • Instruction Fuzzy Hash: AB312630B29308DFFF955B19C840A7977B7ABC5710F56846FD8834BA99CA60DC42C392
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61f412d6306afb8f2cc7791d40ac81c96804a69c2a93a698a308d57da134479e
                • Instruction ID: 7954de79a755690dbf51f5122c8789602345a6e14da1371adb78d7a84941e3a5
                • Opcode Fuzzy Hash: 61f412d6306afb8f2cc7791d40ac81c96804a69c2a93a698a308d57da134479e
                • Instruction Fuzzy Hash: 2931E034A01305AFDF65CF64D918BAD7FB6AF89301F194069D802D7B91CA74CD41CBA2
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 456343a22ea9bb26ff60e1226352c26761d7b8435cc6f3e8a03a0364bb8d6fd7
                • Instruction ID: 535007f160c19850d42a4863040b3b9e4369c43dfdc07bc3aa653f446ddcf1a5
                • Opcode Fuzzy Hash: 456343a22ea9bb26ff60e1226352c26761d7b8435cc6f3e8a03a0364bb8d6fd7
                • Instruction Fuzzy Hash: 1C3167B1A00209AFCF50DFA9D884ADEBFF5EF48310F14812AE819A7310D774A944CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d3796c95ff81a374916caa8dbf323999a908790e5e6e2dedab3da244a4ee66c
                • Instruction ID: 954210ca26d706fd8d031562824e9e442da5d1207bb004c0139beabad77180c5
                • Opcode Fuzzy Hash: 7d3796c95ff81a374916caa8dbf323999a908790e5e6e2dedab3da244a4ee66c
                • Instruction Fuzzy Hash: 8D319C71700200DFEB54DF69E880B6A73E6EF88310F118479E90ACB765DB70EC068B61
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af475dc604a18431a40534210a6d79a49de220b4bdc8f8d14354ba94d9a393ca
                • Instruction ID: c492b110529a37b9434fdbc5daaf3bf09a2258d9b621b61e92b8a751d174824b
                • Opcode Fuzzy Hash: af475dc604a18431a40534210a6d79a49de220b4bdc8f8d14354ba94d9a393ca
                • Instruction Fuzzy Hash: 7931AE71A01204AFDB54DF65C844BAEBBF6EF88300F108529E916EB690DB74DE44CB90
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4789880a80b819093003625d189a8c3389907e6461f5d4de501d269f2d720431
                • Instruction ID: 5210c3686fda217e8a75401e994459b05ce09402e095b768064e7fdb28c60e9a
                • Opcode Fuzzy Hash: 4789880a80b819093003625d189a8c3389907e6461f5d4de501d269f2d720431
                • Instruction Fuzzy Hash: 2721D770B2C354CFEFB08BED888067577B1AB46250B06906FDD92C6E45C634C9058BD6
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62b61a2e07f13329b28898d2dc904a071789051d5bed0cdb162ef94f70e64f73
                • Instruction ID: a87b63ca8e2727dfd9fa34300b1d6f066983f3fd538a841b4f1c54f5af855e7f
                • Opcode Fuzzy Hash: 62b61a2e07f13329b28898d2dc904a071789051d5bed0cdb162ef94f70e64f73
                • Instruction Fuzzy Hash: EE31F674E102499FDF80DFA9D9805EEBBF2EF48310F504465E915E7764EB309A45CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b5cc27e55f65985d7f12108160cbf1f84cd9c12886af45029c6b4b61f2f85ec
                • Instruction ID: c94201c9a81b2f59f61a8fbc5d7a7ecd8ef6066bf9e05647744ac4b5ba7aa60d
                • Opcode Fuzzy Hash: 9b5cc27e55f65985d7f12108160cbf1f84cd9c12886af45029c6b4b61f2f85ec
                • Instruction Fuzzy Hash: 87314170A08284CFDF80DF48D45167A7BF1EB85314F96841AD9569BB61CB35DD46CB80
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 170cbcfb0e5a07e25298703426b96319d3843c909fee6977289cb963f133a979
                • Instruction ID: 08473cdf8aea7c6d1d28e41c6ac33474a7d02eb5f89463ed0aa92224e78eec78
                • Opcode Fuzzy Hash: 170cbcfb0e5a07e25298703426b96319d3843c909fee6977289cb963f133a979
                • Instruction Fuzzy Hash: 33314331A10649DFCF05EFA8D4948EDFBB5FF89310F018699E5056B224FB70A989CB91
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e6350dcee512bd392afd65e31543f0a971c2c64b1a362670eaa340a23672381
                • Instruction ID: a12b3ce3c32c9562b6749be1e85bcb079e7efae92860bdfaec5f5cf7f6e6eb6c
                • Opcode Fuzzy Hash: 2e6350dcee512bd392afd65e31543f0a971c2c64b1a362670eaa340a23672381
                • Instruction Fuzzy Hash: E5312F30A04188CFDF80DF58D44067ABBB2EB85314F95842AD9169BB61CB35DD46CB80
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84d62a45e816c10b164b6a1faa1599b8d61dcf73d9a73314096d372d895d0e38
                • Instruction ID: 8ea686157049c36e2367f7dcbfa14162c829c3a1fb439371274c99a818d8b88c
                • Opcode Fuzzy Hash: 84d62a45e816c10b164b6a1faa1599b8d61dcf73d9a73314096d372d895d0e38
                • Instruction Fuzzy Hash: FA31EC35A10609DFCB05EFA8D8948EDFBB5FF89310F018659E5056B224FB70A989CB91
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 688de550021948f78cc45e7410a8b5d0dd47591a20a6a898428b8a0a5c61969b
                • Instruction ID: b1591f23ffc7431bed22f3b7bfe673248988348be665d83ff49126c24ca6bd79
                • Opcode Fuzzy Hash: 688de550021948f78cc45e7410a8b5d0dd47591a20a6a898428b8a0a5c61969b
                • Instruction Fuzzy Hash: 41312470E002499FCF81DFA9C8906EEBBF1AF48300F1045A6E801E7364EB349A448BA1
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 041ffda151d2f3a560e696eaef58ae3d888f76a72fd05518323953d2942f6162
                • Instruction ID: 13d8994600e4820604f2943ad4ab1c01d773fc8aa853f6209e2dbd63dea1fdca
                • Opcode Fuzzy Hash: 041ffda151d2f3a560e696eaef58ae3d888f76a72fd05518323953d2942f6162
                • Instruction Fuzzy Hash: 1B219834B00505CFDF20EBA4EA48BAAB7F5FB48345F004029E819C7A51DB34DA1ACBA1
                Memory Dump Source
                • Source File: 00000000.00000002.3181084922.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_a4d000_ztcrKv3zFz.jbxd
                Memory Dump Source
                • Source File: 00000000.00000002.3181038427.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_a3d000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a884342e2fbd8c5092db0524d7ccd3751a2cb2998cb4c7228cdb6edc425a658d
                • Instruction ID: bab20e0ab3c59bad1d7b5f1493fc17b2dcfcfca1f92054c7a3ac1056ef3fabcd
                • Opcode Fuzzy Hash: a884342e2fbd8c5092db0524d7ccd3751a2cb2998cb4c7228cdb6edc425a658d
                • Instruction Fuzzy Hash: 87F0B430A45345EFDF419FB4CC5A9ADBB72AF4A300F018256EA26666D1CB309855CB61
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62bedf00fe68ab8a46243b83daf38aaa16e90274bae78374ee74c10f19a1f6f0
                • Instruction ID: 010a980d91ebd9304f02f3f32449b84126bb6f4b61e3e879002c8a8bd0d946a9
                • Opcode Fuzzy Hash: 62bedf00fe68ab8a46243b83daf38aaa16e90274bae78374ee74c10f19a1f6f0
                • Instruction Fuzzy Hash: CEF0E9609093D28FD7538F7D8C605A57FB1AF42100B29459BC5D28B293C6254C09C752
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df81252d156ce7f9d6c0dbb5cd0bdc914bdee3db7d50f3e651750c85e4e28815
                • Instruction ID: 71e86b4240c1c03cca198faf50c57ca557e07435648c19c723826da5a84e2ca6
                • Opcode Fuzzy Hash: df81252d156ce7f9d6c0dbb5cd0bdc914bdee3db7d50f3e651750c85e4e28815
                • Instruction Fuzzy Hash: A9E01262A0C2C0CFEFCD25745935675BF7757D1610B0750A39C8B8ED96D935C84146D2
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b9b55aa7558bb5437d5998bf5e9511727f515075ef4f64a57ce780ac5fd9818
                • Instruction ID: a6af9ac0aa1bbe8fc122a5d8528a1c258ed14951f67063c58260333685450865
                • Opcode Fuzzy Hash: 8b9b55aa7558bb5437d5998bf5e9511727f515075ef4f64a57ce780ac5fd9818
                • Instruction Fuzzy Hash: 02E0E534CD9154CED790572094046B57F2797C330AF68C0AAD8980FA82C77FC883C6A1
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c3ed676da02a904b9276b4e29949183d1139a919fac03ffef4834e6ae21d4c3
                • Instruction ID: 231c160cdb37c4d972b82fc2295c56e6f8a8018500df19082101537e9e5b8e3b
                • Opcode Fuzzy Hash: 2c3ed676da02a904b9276b4e29949183d1139a919fac03ffef4834e6ae21d4c3
                • Instruction Fuzzy Hash: 62E0CD3171A2448BD7013B716E1A6B73B6DDFC25057074066F549C7683DE1CCD178762
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8286bd86cf270e128ede92e58705c2b463aa7edf5190f729b989f7a23faca4c
                • Instruction ID: 0eeb3b63dd43b36f7b22b0e053e6a19e7c3b307d6eac91a71c41baf96b71a821
                • Opcode Fuzzy Hash: c8286bd86cf270e128ede92e58705c2b463aa7edf5190f729b989f7a23faca4c
                • Instruction Fuzzy Hash: 6AD02EC212C388CFFF80A17E1C280BC3F3D95A9200703048FCC8B86C56D911D80202E3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dabf2a6b5a00cf995d65d87e5aec25809cf832d0e470440ee157c16097966fbe
                • Instruction ID: 7df5c46aafe3b2fc21ce42f3e641649e10d507b311447db44df8e37a10fd43b0
                • Opcode Fuzzy Hash: dabf2a6b5a00cf995d65d87e5aec25809cf832d0e470440ee157c16097966fbe
                • Instruction Fuzzy Hash: 9BE0C2B066C318EFABA09A5E641197537BEA788341F02814FED87E6E08C921C80106D2
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d90a5d93de01729dcdf118d4771d7b3ca5116776fcff3c398f97ff50e0885920
                • Instruction ID: 80657c16aac0366801067d23665f59f4f810c3520ec1c20773e371b6948c190d
                • Opcode Fuzzy Hash: d90a5d93de01729dcdf118d4771d7b3ca5116776fcff3c398f97ff50e0885920
                • Instruction Fuzzy Hash: 5EE06874109201CFD351DB78C8246267BB0EF02300F05C487D8928B6A3CB30EC0BD791
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce20221906a79a012d69d64c3babd385a41856dfe61acbc616ed59bbf5ca68ce
                • Instruction ID: e1ac2aae2904df816313f4816e88a1219b693398ba8822b570a62f57e4629052
                • Opcode Fuzzy Hash: ce20221906a79a012d69d64c3babd385a41856dfe61acbc616ed59bbf5ca68ce
                • Instruction Fuzzy Hash: 35D0172060C284CFFFC83A745539639A5B69BD0610B0244A35CCB8EE86DA36D81046D6
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4accd161fbeb3e9a6a8f29c51251f5a44fc22b7246b6fc371b2376a7a56419bb
                • Instruction ID: 446593c7c72b0361929b7d05a6044313cfe8a450194184f7bca1a9abf2df624a
                • Opcode Fuzzy Hash: 4accd161fbeb3e9a6a8f29c51251f5a44fc22b7246b6fc371b2376a7a56419bb
                • Instruction Fuzzy Hash: A1D05E28E0D14CDFAFE4EA99547553976F8A778222B0258879CCB87F08DA21C9005FF3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c301da4ad7419f26eef12424b6e5ef4d7ba2603e12469e80c39e721b577d2656
                • Instruction ID: 6e5892e12b79368080dcfc8b353c0e5ad67a557d7b6caadc4440a36fafa83905
                • Opcode Fuzzy Hash: c301da4ad7419f26eef12424b6e5ef4d7ba2603e12469e80c39e721b577d2656
                • Instruction Fuzzy Hash: 72D0A72001E38CDFDBA121A0182A5F23F38D88600030611CFB8CB56C03D549C48587E3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd31e615f6893525c6d13d7f92e1821c40494922a527030012c75e602691e490
                • Instruction ID: c3550c690a91b5818e696c8d4adf3c20377762f6a0476fe0c877ebf7d074e404
                • Opcode Fuzzy Hash: fd31e615f6893525c6d13d7f92e1821c40494922a527030012c75e602691e490
                • Instruction Fuzzy Hash: A5E09A71D097848FCB05CF79CCE25AAFFF1BE42200B0984ABD0A487516C334A416CB82
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcc1ef6d0441d28c5536d5d53abcb0afde68845f9a70a9938feda426d06a0d13
                • Instruction ID: f7f048a3acf415c4c1763388421091ac7925f21c32de0c8f1a343d6cee7a93eb
                • Opcode Fuzzy Hash: bcc1ef6d0441d28c5536d5d53abcb0afde68845f9a70a9938feda426d06a0d13
                • Instruction Fuzzy Hash: 4BE01A31820A0CDECB55EF74D9086AA7BE4AB11214F04C529E84DCA510E630D294CF90
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ecd6870d73d506eb224c2be8f0f0189fe57651f890ade2cc8ddfd455c8fac9d
                • Instruction ID: e9e9cd28ca4ddeaae4f86456ee2f7c4761a4721aca3174e05d3e874471878eb8
                • Opcode Fuzzy Hash: 3ecd6870d73d506eb224c2be8f0f0189fe57651f890ade2cc8ddfd455c8fac9d
                • Instruction Fuzzy Hash: 60E0E23182060C9E8F80EF79D90859A7BE8AB06221F10C52AE949DA510EA30D2E8DB90
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6aebdcff4264e04d98b53af317194bca9019b5918e88c794ae9a92197d4cfe74
                • Instruction ID: 1d240860234c48a48201297def21f323fbec6c721a1f257297078915c2274b13
                • Opcode Fuzzy Hash: 6aebdcff4264e04d98b53af317194bca9019b5918e88c794ae9a92197d4cfe74
                • Instruction Fuzzy Hash: E3D0126800E3C97FD75716707C068B37F3D554211178B04D7FCC5895679505A8B082F3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c16c8e9e38419dc778ff6bb29e0ce12f693ca15697a4093eabf1c5d977db0e20
                • Instruction ID: 69864be718edd93b552fe2b1860e001ee8079eb19c0df61212b2166f52eeea68
                • Opcode Fuzzy Hash: c16c8e9e38419dc778ff6bb29e0ce12f693ca15697a4093eabf1c5d977db0e20
                • Instruction Fuzzy Hash: 73D0A720704208879B042FB6B60677633DEEB806067418025A509C3581CF2CD9159751
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1a63a45ae75ffdf5a7d1e05e1afa7dbad4333b45a37194bb27bc2b4b56b550d
                • Instruction ID: a1405217b3644b1d40f2264f10b0f73ab0f19078dc212c12ada48f0d18dcd15a
                • Opcode Fuzzy Hash: f1a63a45ae75ffdf5a7d1e05e1afa7dbad4333b45a37194bb27bc2b4b56b550d
                • Instruction Fuzzy Hash: B9C08C2051AAC02FE782A230BE36AA61B2095E310031EC293A9C4C0553C250021E8233
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a85c80e4604e97289509fa683126e129f4f0c06f4db43d164693525bb1afddd
                • Instruction ID: fd92a736a68e76c22a7296a2fa51579b724c2cded1d3c6050ec6cb750c5cc386
                • Opcode Fuzzy Hash: 4a85c80e4604e97289509fa683126e129f4f0c06f4db43d164693525bb1afddd
                • Instruction Fuzzy Hash: F3C012D023C308CEBFC4A5AF191443C36BE65A8204712440F8D8B42D48CA12C80105E3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b1025f4500bc67e87b8632e29c2bfd457f0fc25cdf491fedb12329acd4b5667
                • Instruction ID: 38628ce68ae27dca80134ffd7d38d0b5ca14985d928f097d9262fed57e011955
                • Opcode Fuzzy Hash: 0b1025f4500bc67e87b8632e29c2bfd457f0fc25cdf491fedb12329acd4b5667
                • Instruction Fuzzy Hash: E9C08C300427088BC2106FD9B90C32837A95704302F440011EB0844AA18BA088A0C6A2
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3c60d66be63805761a39b14d13bfa7a073e6a90244851bd8411dbe0b0916f02
                • Instruction ID: 6816d0f195f985137bfc9d240f50ca463ed197bb0754a60e235950fe055bdd1c
                • Opcode Fuzzy Hash: b3c60d66be63805761a39b14d13bfa7a073e6a90244851bd8411dbe0b0916f02
                • Instruction Fuzzy Hash: 9ED012754081A0DFD701CF55DD95C597FF0BE1E201305099AD4465B722D330E411CF80
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca4cc4385353fc75217c395d1ac09f80350b3dd3e96cee42fc6620e7e6d0bf44
                • Instruction ID: ea021790fa43669121f1caca513165f3d5dffb36bcd314c8ebc9b0f27bb39127
                • Opcode Fuzzy Hash: ca4cc4385353fc75217c395d1ac09f80350b3dd3e96cee42fc6620e7e6d0bf44
                • Instruction Fuzzy Hash: E3B0122403C30CCE7FF025D4202B139363C3044A00B03301EADCF70C00D941D45100D3
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00760308931da31318df239c68938ec9a5caab797ed1b28e0c6f529bfff24962
                • Instruction ID: 07b2b2d67b97d61464f7dff9a2874179983a42ff1495efa5a9ead9308843f806
                • Opcode Fuzzy Hash: 00760308931da31318df239c68938ec9a5caab797ed1b28e0c6f529bfff24962
                • Instruction Fuzzy Hash: ADB012355D9500AB5A8067A44D89B3E9860EBB1700B519E123B494083CC5318428D327
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ef447c40b128626f449a8cd9b4a476d3d51a2e42f18b69a1414802b8e37e3ad
                • Instruction ID: b4d1edbc31c4ac6fd7b816aa11ef15f7f1468e75f0693bfdd010e4eeb8e775c7
                • Opcode Fuzzy Hash: 0ef447c40b128626f449a8cd9b4a476d3d51a2e42f18b69a1414802b8e37e3ad
                • Instruction Fuzzy Hash: 4EC08C30B40209BFEF408A11DF5297C36726B21A00F010012AA0236284C3A0C9008A80
                Memory Dump Source
                • Source File: 00000000.00000002.3185815205.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d50000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c6b7d7415d3cef80dddb0e0dffd2c5fa4d955484cf14dda1d5e6ee87bc82117
                • Instruction ID: 052765ac37160c0c865fc360c12c1b312261ab061e9c6a085cac0e46b4f63295
                • Opcode Fuzzy Hash: 9c6b7d7415d3cef80dddb0e0dffd2c5fa4d955484cf14dda1d5e6ee87bc82117
                • Instruction Fuzzy Hash: D0A0112800838CCF2B802A80A80803A3B3C2000208B820080EE8A08A282A22F8A000CA
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: 4'_q$4'_q$4'_q$4|dq$4|dq$$_q
                • API String ID: 0-271859681
                • Opcode ID: 0a1038cbe875822d14851610c9beb76b6feafa8c2c6bf96aa75e98c11b61d004
                • Instruction ID: 951284e4aa3f8c9c7f794a1d5690de9c447174539defdc6624892b60b5616f12
                • Opcode Fuzzy Hash: 0a1038cbe875822d14851610c9beb76b6feafa8c2c6bf96aa75e98c11b61d004
                • Instruction Fuzzy Hash: 6AF1D031704211AFCB2AEFA8C594A2A7FE6BF95706B15486DF406CB361DB31DC42C792
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: d5b68db1b23eb1f5bc4b7aae20d07ee439abb434a4d4a7865ac70abf5639349f
                • Instruction ID: 848f5e8ff94ca4008e8d5b64c5b7fdcd21f4e8b39953d859a371e72b2dd61945
                • Opcode Fuzzy Hash: d5b68db1b23eb1f5bc4b7aae20d07ee439abb434a4d4a7865ac70abf5639349f
                • Instruction Fuzzy Hash: 4951C375E04228CFDB29DF66CC407DEBBB2AB89301F4081AAA41DA7254DB345A86CF50
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3186510188.00000000089E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_89e0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: 4598c92ec4cdb295e403e7a98699819f5d29647769c3406e333fb22e0af264af
                • Instruction ID: 6e8a2888db9a9731317af48bfb0a6d2ceeb05648f0a39303057fbc6aa7a70e81
                • Opcode Fuzzy Hash: 4598c92ec4cdb295e403e7a98699819f5d29647769c3406e333fb22e0af264af
                • Instruction Fuzzy Hash: 3551C575D04229DFDB25DF66CC406DEBBB2AB89302F40C1EAD41CA7264DB355A86CF40
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 839137ca9e6665b91007dd00dce8656fe266b77950d6eb7a2bbe4b0b10772e43
                • Instruction ID: 6acd36cfc60538da281f2b01a0190f117a0c9dd7c47df2017d9b5b1273716b6d
                • Opcode Fuzzy Hash: 839137ca9e6665b91007dd00dce8656fe266b77950d6eb7a2bbe4b0b10772e43
                • Instruction Fuzzy Hash: 13E109B4E011199FCB14DFA9C5909AEFBF2BF89304F24C269D414AB35AD734A942CF61
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_56a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5a22140e330ecc52c7fdd947c3bcd7d30e0135f7290769adb30e5c4c60f0cc7
                • Instruction ID: 9aeb64ed6990f34b08c1dee947a9b285f41e1a2a603777bcdb85bf3fa48bdea4
                • Opcode Fuzzy Hash: a5a22140e330ecc52c7fdd947c3bcd7d30e0135f7290769adb30e5c4c60f0cc7
                • Instruction Fuzzy Hash: 001284B0521F458AD730CF65EE4C39E3BB1BB89328F904609D2616AAF5EBB4114BCF44
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a82f422715920f9aefd2310da7f7459f0a58b43a8d29b1ff4c2257f06fe3765c
                • Instruction ID: 10ac35a7f358c12f37b63b5f278f6ae6e18b01d5e2cca0c82c9a34baf31e6953
                • Opcode Fuzzy Hash: a82f422715920f9aefd2310da7f7459f0a58b43a8d29b1ff4c2257f06fe3765c
                • Instruction Fuzzy Hash: 59E129B4E011599FCB14DFA9C5809AEFBF2BF89305F248269E414AB359C770A942CF61
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4a5ed047f1d602e1dfb8c87ac004705b14a47f542ab93020a3483ab62ad2da2
                • Instruction ID: cb2853022d8438752382906f1ea7e3cbac867dd2b08ea1c2b0e08d04005972f1
                • Opcode Fuzzy Hash: f4a5ed047f1d602e1dfb8c87ac004705b14a47f542ab93020a3483ab62ad2da2
                • Instruction Fuzzy Hash: B5E109B4E111199FCB14DFA9C9809AEFBF2BF89305F24C269D414AB359D730A942CF61
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb20a07ea85305903255735c97bbe03d9de8466985e621c251fa51a554d8b186
                • Instruction ID: 91861afacd9c7d43e1b15f8500d1db5b705d399063a82bd09e4513f12d1c0821
                • Opcode Fuzzy Hash: bb20a07ea85305903255735c97bbe03d9de8466985e621c251fa51a554d8b186
                • Instruction Fuzzy Hash: B4E11AB4E111199FCB14DFA9C9909AEFBF2BF89304F24C269D414AB359D730A942CF61
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_70a0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 99d532fcbe1fca7c46ac76843dc0a4e316a6cd52ff6bb5553c79e1f3096a9b4a
                • Instruction ID: 678ed71f5eab24d1f6ecfdf1c1e7cca85d4d99eb5331d0a0f788bacdb76ddd24
                • Opcode Fuzzy Hash: 99d532fcbe1fca7c46ac76843dc0a4e316a6cd52ff6bb5553c79e1f3096a9b4a
                • Instruction Fuzzy Hash: 24E1F9B4E011199FCB14DFA9C5909AEFBF2BF89305F24C269D414AB359DB30A942CF61
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32df4bbfc307821ccade366f8900e7dfec9496d567cf57cf61a487eb0331ae0d
                • Instruction ID: 60ae8a307de43df2e760ed6336e582d476f32bde05e778dfdc28980dcd27da49
                • Opcode Fuzzy Hash: 32df4bbfc307821ccade366f8900e7dfec9496d567cf57cf61a487eb0331ae0d
                • Instruction Fuzzy Hash: AED10A35D2075A8ACB10EFA4D991A9DB771FF96300F50C79AE0497B224FB706AC9CB41
                Memory Dump Source
                • Source File: 00000000.00000002.3181277797.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_bb0000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d298a2507f184384bb7db4b38e775bd61d2de9081e0038ab74c4bea67a613afb
                • Instruction ID: a1d51caa097b57f53d065067b5104e586a4cb22e7f228e334065131f2eff9b4f
                • Opcode Fuzzy Hash: d298a2507f184384bb7db4b38e775bd61d2de9081e0038ab74c4bea67a613afb
                • Instruction Fuzzy Hash: 04A14C36A002068FCF15DFA5C8405EEB7F2FF85300B2585AAE815BB265DB71ED16CB80
                Memory Dump Source
                • Source File: 00000000.00000002.3185376280.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5790000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50bac20f98484bca986ba7e1f7c5ededa87822a98b2a582674ee26db7d8bfcca
                • Instruction ID: 8c5b45b74fe0d1d8c782d19bd11a8991701832a8274ec078d3d9a7a77341493e
                • Opcode Fuzzy Hash: 50bac20f98484bca986ba7e1f7c5ededa87822a98b2a582674ee26db7d8bfcca
                • Instruction Fuzzy Hash: B8D1FA31D2075A8ACB10EFA4D991A9DB771FF96300F50C79AE44977224FB706AC9CB81
                Memory Dump Source
                • Source File: 00000000.00000002.3185036527.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                Memory Dump Source
                • Source File: 00000000.00000002.3185999904.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false

                Execution Graph

                Execution Coverage:0.8%
                Dynamic/Decrypted Code Coverage:4.8%
                Signature Coverage:8.7%
                Total number of Nodes:104
                Total number of Limit Nodes:8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 84 417d83-417dac call 42f8d3 87 417db2-417dc0 call 42fed3 84->87 88 417dae-417db1 84->88 91 417dd0-417de1 call 42e383 87->91 92 417dc2-417dcd call 430173 87->92 97 417de3-417df7 LdrLoadDll 91->97 98 417dfa-417dfd 91->98 92->91 97->98
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                Memory Dump Source
                • Source File: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 109 42ccb3-42ccec call 404623 call 42dea3 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCE7
                Memory Dump Source
                • Source File: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 124 10b2df0-10b2dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 123 10b2c70-10b2c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 125 10b35c0-10b35cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 104 42d003-42d044 call 404623 call 42dea3 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,004175E7,000000F4), ref: 0042D03F
                Memory Dump Source
                • Source File: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 99 42cfb3-42cff4 call 404623 call 42dea3 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041EB4E,?,?,00000000,?,0041EB4E,?,?,?), ref: 0042CFEF
                Memory Dump Source
                • Source File: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 114 42d053-42d08c call 404623 call 42dea3 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1935334888.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 119 10b2c0a-10b2c0f 120 10b2c1f-10b2c26 LdrInitializeThunk 119->120 121 10b2c11-10b2c18 119->121
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Strings
                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01128F34
                • write to, xrefs: 01128F56
                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01128D8C
                • <unknown>, xrefs: 01128D2E, 01128D81, 01128E00, 01128E49, 01128EC7, 01128F3E
                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01128F2D
                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01128E3F
                • *** An Access Violation occurred in %ws:%s, xrefs: 01128F3F
                • *** enter .exr %p for the exception record, xrefs: 01128FA1
                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01128DB5
                • a NULL pointer, xrefs: 01128F90
                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01128DA3
                • read from, xrefs: 01128F5D, 01128F62
                • an invalid address, %p, xrefs: 01128F7F
                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01128E86
                • The resource is owned exclusively by thread %p, xrefs: 01128E24
                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01128E4B
                • *** enter .cxr %p for the context, xrefs: 01128FBD
                • The critical section is owned by thread %p., xrefs: 01128E69
                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01128F26
                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01128DD3
                • *** Resource timeout (%p) in %ws:%s, xrefs: 01128E02
                • *** then kb to get the faulting stack, xrefs: 01128FCC
                • *** Inpage error in %ws:%s, xrefs: 01128EC8
                • The instruction at %p tried to %s , xrefs: 01128F66
                • Go determine why that thread has not released the critical section., xrefs: 01128E75
                • The instruction at %p referenced memory at %p., xrefs: 01128EE2
                • This failed because of error %Ix., xrefs: 01128EF6
                • The resource is owned shared by %d threads, xrefs: 01128E2E
                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01128FEF
                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01128DC4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                Strings
                • Critical section address, xrefs: 010E5425, 010E54BC, 010E5534
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010E54CE
                • Critical section address., xrefs: 010E5502
                • double initialized or corrupted critical section, xrefs: 010E5508
                • Address of the debug info found in the active list., xrefs: 010E54AE, 010E54FA
                • Thread identifier, xrefs: 010E553A
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010E54E2
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010E540A, 010E5496, 010E5519
                • corrupted critical section, xrefs: 010E54C2
                • Critical section debug info address, xrefs: 010E541F, 010E552E
                • Thread is in a state in which it cannot own a critical section, xrefs: 010E5543
                • 8, xrefs: 010E52E3
                • Invalid debug info address of this critical section, xrefs: 010E54B6
                • undeleted critical section in freed memory, xrefs: 010E542B
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Strings
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 010E2506
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010E22E4
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 010E2498
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 010E2409
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 010E2412
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 010E2624
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 010E2602
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010E24C0
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 010E261F
                • @, xrefs: 010E259B
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010E25EB
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Similarity
                • API ID:
                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                Strings
                • VerifierFlags, xrefs: 010F8C50
                • VerifierDlls, xrefs: 010F8CBD
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 010F8A67
                • AVRF: -*- final list of providers -*- , xrefs: 010F8B8F
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 010F8A3D
                • HandleTraces, xrefs: 010F8C8F
                • VerifierDebug, xrefs: 010F8CA5
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                Strings
                • apphelp.dll, xrefs: 01066496
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010C99ED
                • LdrpInitShimEngine, xrefs: 010C99F4, 010C9A07, 010C9A30
                • minkernel\ntdll\ldrinit.c, xrefs: 010C9A11, 010C9A3A
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 010C9A2A
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 010C9A01
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                Strings
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 010E2180
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010E21BF
                • RtlGetAssemblyStorageRoot, xrefs: 010E2160, 010E219A, 010E21BA
                • SXS: %s() passed the empty activation context, xrefs: 010E2165
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 010E219F
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 010E2178
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                Strings
                • Loading import redirection DLL: '%wZ', xrefs: 010E8170
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 010E81E5
                • minkernel\ntdll\ldrinit.c, xrefs: 010AC6C3
                • LdrpInitializeProcess, xrefs: 010AC6C4
                • minkernel\ntdll\ldrredirect.c, xrefs: 010E8181, 010E81F5
                • LdrpInitializeImportRedirection, xrefs: 010E8177, 010E81EB
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                APIs
                  • Part of subcall function 010B2DF0: LdrInitializeThunk.NTDLL ref: 010B2DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010B0BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010B0BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010B0D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010B0D74
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 010A8421
                • @, xrefs: 010A8591
                • LdrpInitializeProcess, xrefs: 010A8422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010A855E
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                Strings
                • .Local, xrefs: 010A28D8
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010E21D9, 010E22B1
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010E22B6
                • SXS: %s() passed the empty activation context, xrefs: 010E21DE
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                Strings
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 010E342A
                • RtlDeactivateActivationContext, xrefs: 010E3425, 010E3432, 010E3451
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 010E3456
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 010E3437
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010D10AE
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 010D0FE5
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 010D106B
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 010D1028
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                Strings
                • apphelp.dll, xrefs: 01092462
                • minkernel\ntdll\ldrinit.c, xrefs: 010DA9A2
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 010DA992
                • LdrpDynamicShimModule, xrefs: 010DA998
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                Strings
                • HEAP[%wZ]: , xrefs: 01083255
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0108327D
                • HEAP: , xrefs: 01083264
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: $@
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                Strings
                • Failed to allocated memory for shimmed module list, xrefs: 010DA10F
                • LdrpCheckModule, xrefs: 010DA117
                • minkernel\ntdll\ldrinit.c, xrefs: 010DA121
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                Strings
                • Failed to reallocate the system dirs string !, xrefs: 010E82D7
                • minkernel\ntdll\ldrinit.c, xrefs: 010E82E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 010E82DE
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                Strings
                • @, xrefs: 0112C1F1
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0112C1C5
                • PreferredUILanguages, xrefs: 0112C212
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                Strings
                • LdrpCheckRedirection, xrefs: 010F488F
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 010F4888
                • minkernel\ntdll\ldrredirect.c, xrefs: 010F4899
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 010F2104
                • Process initialization failed with status 0x%08lx, xrefs: 010F20F3
                • LdrpInitializationFailure, xrefs: 010F20FA
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                Strings
                • LdrResSearchResource Exit, xrefs: 0107AA25
                • LdrResSearchResource Enter, xrefs: 0107AA13
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: 43899eac832eb1d2c59ad468e7f2728d25de0d372cc6afaa60e61434ed3c54aa
                • Instruction ID: 9d5f19aaf6c66ca714b312cf87e1885dc3bfe0cd460e72cc9e9807fc3a502974
                • Opcode Fuzzy Hash: 43899eac832eb1d2c59ad468e7f2728d25de0d372cc6afaa60e61434ed3c54aa
                • Instruction Fuzzy Hash: 575129B1E0021EAFDF15DFA9CC90EEEBBB8EB44B54F100529E651B7694D7309905CB60
                Strings
                • kLsE, xrefs: 01070540
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0107063D
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                • Opcode ID: 264151b1e805edc35a44f1bd7a899bd98d24222ecdec6a5fab6a9f22df35afd8
                • Instruction ID: c8d983b15c5121a18ec178b04744a3a23b549fd76adbd2d3ec961fc9acef3dd2
                • Opcode Fuzzy Hash: 264151b1e805edc35a44f1bd7a899bd98d24222ecdec6a5fab6a9f22df35afd8
                • Instruction Fuzzy Hash: 8751C171A047428FD724DF28C4806E7BBE4AF8A304F108A7EF6E987245E770E545CB99
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 0107A309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 0107A2FB
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: 171d5f5e7d09bc4dd2be9af2c59cc245daf309591879a403a4455be4c7dd1b54
                • Instruction ID: cd133c233686cb76dbeab02145f21afd2030c249328ec20e3fe425a131f7e9ab
                • Opcode Fuzzy Hash: 171d5f5e7d09bc4dd2be9af2c59cc245daf309591879a403a4455be4c7dd1b54
                • Instruction Fuzzy Hash: B0416831B04749DBDB219F69C880BAE7BF4BF84710F2880A9E990DB291E2B5D940CB54
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: 0550eb9d24ad50c6d74e949188c0891fc5ace41936fec08c706024fb6b2d32cc
                • Instruction ID: e36de9fdf7b8229e88544f6ba9d36448e215440d33ed58a5930570919d890446
                • Opcode Fuzzy Hash: 0550eb9d24ad50c6d74e949188c0891fc5ace41936fec08c706024fb6b2d32cc
                • Instruction Fuzzy Hash: D601DCB2240700EFD321DF64CE85B66B7E8E798B25F008939A698CB1D0E374E844CB46
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 0b8f7b7c0b37b2de0193a33cfc78f150b5f60a7c9d9c127529ea721229147dc1
                • Instruction ID: c4bca443d2dacf43116c93c0c502768a4c3f0fedca774502d5a3ca7426adc1c7
                • Opcode Fuzzy Hash: 0b8f7b7c0b37b2de0193a33cfc78f150b5f60a7c9d9c127529ea721229147dc1
                • Instruction Fuzzy Hash: 18827E75E002199FEB65CFA9C9807EDBBF1BF44310F1481A9E999AB350D7309D81CB58
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 0e08e006366e2439296ef4b31013ba9571575bc6c38fa04cda3620ccfad301b1
                • Instruction ID: 005c700fc9d3dd4602d170895a59b3592d0c9e4d1ad4ff2b04125de97cd18443
                • Opcode Fuzzy Hash: 0e08e006366e2439296ef4b31013ba9571575bc6c38fa04cda3620ccfad301b1
                • Instruction Fuzzy Hash: 99718FB5E0021ACFDF68CF9EE5946EDBBF1BF68700F14816AE485A7241E7329841CB50
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                • Opcode ID: 99f1baa2eb828a2981804d5afb9e955ac28cae6a04c488f9bbc7ef822962c87e
                • Instruction ID: 062096361d27b3899246c38b36ccfcd24f62c0496b2295ce8733aa5ddbfd25e2
                • Opcode Fuzzy Hash: 99f1baa2eb828a2981804d5afb9e955ac28cae6a04c488f9bbc7ef822962c87e
                • Instruction Fuzzy Hash: 0B516072D0022A9BDF18DF99D840AEEFAB4BF18F50F064139E952BB654D7349901CBE4
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: f2c399b93a88ce06913570d97a11ba03122969b29e45d6bc9d8816460a4a85fe
                • Instruction ID: 4a9ba4bdcdf11b1c89263fd04ab1fa9d30015cc3621f1ba750f416d045c49d7d
                • Opcode Fuzzy Hash: f2c399b93a88ce06913570d97a11ba03122969b29e45d6bc9d8816460a4a85fe
                • Instruction Fuzzy Hash: B941707250C3129BD711FA75C880BABBBE8BF88B14F04097DF5D4D7180E674D9048796
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: 4f5157ff73de36672590590a1bcf442130129cbe9ba55dc592f37c97b3b245a9
                • Instruction ID: 1aa633cbaa1b2d62a031aa74914920b5970b5b73c726bc731b6980083222ed6f
                • Opcode Fuzzy Hash: 4f5157ff73de36672590590a1bcf442130129cbe9ba55dc592f37c97b3b245a9
                • Instruction Fuzzy Hash: E84141B1D0012DAFEB21DB51CE84FDEB7BCAB45714F0045E5AB48AB140DB719E898FA4
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 33bd7f2008d287e58289aeb61eca5b0c6ac3e388cb33e2c22696b6f275f02729
                • Instruction ID: 295c6ea984bdb7693cc20b15dc5176d479037aeff73524806bcc8a633178e0fb
                • Opcode Fuzzy Hash: 33bd7f2008d287e58289aeb61eca5b0c6ac3e388cb33e2c22696b6f275f02729
                • Instruction Fuzzy Hash: 67315731E007199BEB2BDF69C950BEE7BB8DF05704F104028E941AB2C2CBB5D955CB50
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                • Opcode ID: 5453780b06022ff6dc99d665d7e49dd3d583a2c2d49bf01978aed2155c317a20
                • Instruction ID: 47e317a34c0cab8753abd13d5f0adb5a5462e710fff8dcd7fa1c43f814891550
                • Opcode Fuzzy Hash: 5453780b06022ff6dc99d665d7e49dd3d583a2c2d49bf01978aed2155c317a20
                • Instruction Fuzzy Hash: A9310536900519AFFF15DA5ACA59EAFBBF4EB80710F014169A951AB250D7329E00D7E0
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 010F895E
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: 3613cf1b1517971efdf99462df126066b92713ef864f1a1b6f26a8ab16c97582
                • Instruction ID: f11d1921435329f8aa08e0c9d1306ae1b88627793edaa5e7eaddbd3e2ff7f31d
                • Opcode Fuzzy Hash: 3613cf1b1517971efdf99462df126066b92713ef864f1a1b6f26a8ab16c97582
                • Instruction Fuzzy Hash: 3F012B31308201DFE7685B55DC86FDA7FA9EF91294B0C507EF7C116951CF226880C796
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd93d7d460db03e11d8ebb11119691fe650f9d4a9c6191ed64ffb134f7405e63
                • Instruction ID: 36998741c8c06068b2d7bbd8e05130ed11d0cb8f97a22065206790f62e1dc1b6
                • Opcode Fuzzy Hash: dd93d7d460db03e11d8ebb11119691fe650f9d4a9c6191ed64ffb134f7405e63
                • Instruction Fuzzy Hash: 3F81BF72A04315CFDB29CF9CC588BADB7F1BF88310F1581AAE950AB691C7759D40CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87822ffa1d175f1c84ed68ca47e7de3badaa54578cadb213918b099fc2bef05f
                • Instruction ID: e17674cc08f93615af16c3cd2e6c66abdf280727756921b3484e0827c471a7f5
                • Opcode Fuzzy Hash: 87822ffa1d175f1c84ed68ca47e7de3badaa54578cadb213918b099fc2bef05f
                • Instruction Fuzzy Hash: 36511272508362AFD315DE68D884E9BB7E8EFC4714F050929FA80DB110D730ED14C7A2
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abce31dd94bdab38b181bfc1dffe632439996e40116609060b1fcc1338915d91
                • Instruction ID: 6a1643a581f976291146f8135962db09923be211b1899dad38e805a1480cfcc2
                • Opcode Fuzzy Hash: abce31dd94bdab38b181bfc1dffe632439996e40116609060b1fcc1338915d91
                • Instruction Fuzzy Hash: 1451E370900705DFD729DF5AC880BABFBF8BF94714F10862ED29657AA4DB70A541CB50
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82d1affeafeb18688258ac13d4ed750b4a4209c5df96449baadf674eaf473829
                • Instruction ID: f5c1dad7818f501ffafc60b0b17ddcf7a423d98cbc786313c81f3c19ef2b64b2
                • Opcode Fuzzy Hash: 82d1affeafeb18688258ac13d4ed750b4a4209c5df96449baadf674eaf473829
                • Instruction Fuzzy Hash: F2515C71200A19DFDB22EFA9C984EAAB7FDFF54784F8004A9E5D197660DB34E940CB50
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4da45fa8f03fbef72867f8611815f2889c158e2cb51c7a9c4349add5dbc2a4f
                • Instruction ID: 2f0b40ee8a5107960ad24f3d91311c94dd7f6db88100b0a232c7cc876f9dfb69
                • Opcode Fuzzy Hash: c4da45fa8f03fbef72867f8611815f2889c158e2cb51c7a9c4349add5dbc2a4f
                • Instruction Fuzzy Hash: AE5165712183128FD748DF29C880AABF7E5BBC8B08F44493DF585C7654D730DA058B52
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 12caa9928573b928da8608fc341ec59ff0f44f3bfc23f4ae10b84c4ce2a85945
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: BC51AE71E0020EABDF15DF98C960BEEBBB5BF49710F04406AEA80EB250D734D945CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: 02ee3f99f17aa03359233483e285eb1ed6cd3287949da6ff7bd80f2b14f368bb
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: FF519531D0020EEFEF21DE94C886BEFBBB5AB00324F16466DD792675A1D7359E4487A0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 471622468af96a345c903b306ca14193a104de2615a1b2c888fdb4351090d0a9
                • Instruction ID: d7e37b231f971c7359f6749481bebd863cc494c3a6f30264b9850bf7dfbc0be0
                • Opcode Fuzzy Hash: 471622468af96a345c903b306ca14193a104de2615a1b2c888fdb4351090d0a9
                • Instruction Fuzzy Hash: 9F41F4707056129BEB2DDB2DC894BBBBB9AEFD0220F148318F9598728CDB34D901C791
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: acf6fac32a9ba63f9c8bdbee1c8317e72c196df450c3317ad46a0a2af8bc9d53
                • Instruction ID: 84674f74fdf1ac6af3a524f4a087d42242ca628c423211c3ebafbaf7300d8c2a
                • Opcode Fuzzy Hash: acf6fac32a9ba63f9c8bdbee1c8317e72c196df450c3317ad46a0a2af8bc9d53
                • Instruction Fuzzy Hash: 5151B07190021DDFDB20DF69CA82E9EBBF9FF48214B108569D696A7B40D731AD41CBD0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8097648bad367ffa95d742cfe11277b5b255f46ec3c3e0d7f6b3107db17eb6a1
                • Instruction ID: 40610da66c00bd1a0491ca154c4dc426d69b21c56f81dccdcc8128634f55c03a
                • Opcode Fuzzy Hash: 8097648bad367ffa95d742cfe11277b5b255f46ec3c3e0d7f6b3107db17eb6a1
                • Instruction Fuzzy Hash: 9741F871741215DFDF29EFA9E880BAE37A5AB68B08F41007DFAD19B251DB739840CB50
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 75979502fcb46a8f0cfe360665584a62a1694359ad98a904806b57641664b85c
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: A441F6326047169FDB2DCF28D880A6AB7A9FFC0214B05462EE992D7748EB30FD15C790
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 932b585895bf63be72a4b5f01ac30fc6b500ac3af7fb282a2757f9f983687ff1
                • Instruction ID: ef50ead402ea0d489ac57f009766a749de65e8e011e66be378b5fb1c5e21005d
                • Opcode Fuzzy Hash: 932b585895bf63be72a4b5f01ac30fc6b500ac3af7fb282a2757f9f983687ff1
                • Instruction Fuzzy Hash: C441DD36A00219DBDB14DFD8C440AEEBBB4BF48B10F54816AF895FB244E7359D41CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 953f0fd149cb5ec5910047da52f8104a749c14bd9c400a37da29f4d5c7b9aa72
                • Instruction ID: ff57ccea52af6157099efa673fc6b132c9d86f8b68b336c227992d0058b1fe9d
                • Opcode Fuzzy Hash: 953f0fd149cb5ec5910047da52f8104a749c14bd9c400a37da29f4d5c7b9aa72
                • Instruction Fuzzy Hash: 5B41C3B12043469FDB24EF28C890A5BB7E6FF88224F048879E9D7C7611DB31E845DB51
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 918a70e8d2146f0414fce5bd187130b0389d2b96e0983eb869d93b95d55f2de1
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 9B517B75A00215CFCB55CF99C484AAEF7F2FF88710F2481A9D995A7351D770AE42CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2fdfa3a73e1224f0c9e98e5819457ae294d7b0cd1d8bbcd8633af43e6edee823
                • Instruction ID: 79d534fb2f0e241d655f8118acb7c1f571f4c39d42a6b0732d55a753c690ae09
                • Opcode Fuzzy Hash: 2fdfa3a73e1224f0c9e98e5819457ae294d7b0cd1d8bbcd8633af43e6edee823
                • Instruction Fuzzy Hash: FC510670D00A069FEB659B28CD00BE8BBF5FF11314F0482E5D5AAA72D1DB369981CF44
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0677e5e8c24c1bd5f2b4a83273a748e77f63372fc8629d059df609cfe37a12bf
                • Instruction ID: 8aef82399074af77bca568a7a833650ffec25bd78a674203629307c2ba15a32a
                • Opcode Fuzzy Hash: 0677e5e8c24c1bd5f2b4a83273a748e77f63372fc8629d059df609cfe37a12bf
                • Instruction Fuzzy Hash: CE418171E0026D9BDB61EF68C940BEE7BB4EF45B40F0101A9E988AB241D774DE80CF95
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 6d05138f62c2518e54d3ae82b2365e8ce67ce6b5d0886534dc8892a7eaaae5f5
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: 3541D6B5B00205ABEF19DF99CC80AAFBBBAAFC8204F144169F50097349D774DD01C760
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afa26d592fb71d65ccc3fd968cb7f8f32fcbdad0b0743a0d6f0f551341026192
                • Instruction ID: c8e342145ee69d82223192911c8bcf3c608dcab4f5e38b8d4798c94825f14dd9
                • Opcode Fuzzy Hash: afa26d592fb71d65ccc3fd968cb7f8f32fcbdad0b0743a0d6f0f551341026192
                • Instruction Fuzzy Hash: F741C4B1A007029FE325DF28C480A66B7F5FF4A314B148A6DE5C787A55E731F845CB54
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb821fb01bcf9b76e667d45e9a90c52711e62ce08636ea0c502e83d7fde65b37
                • Instruction ID: c90fd3e31035147864a7c878360f7eb880268178fcbdf9f72eed8ed896fe409d
                • Opcode Fuzzy Hash: eb821fb01bcf9b76e667d45e9a90c52711e62ce08636ea0c502e83d7fde65b37
                • Instruction Fuzzy Hash: 3A419B32B42215CFDF25DF6CC8A47ED7BB0FB58324F1401A9D4A1AB292DB359940DBA1
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c105350435a4fd3f6fbafcaf8118fea84c126b48d82626200e6ca898c16eb9e
                • Instruction ID: 69ab57b1ba4c9586b64373320f8be1a495f18ed40b0a11d52b44707e72bbdbaf
                • Opcode Fuzzy Hash: 8c105350435a4fd3f6fbafcaf8118fea84c126b48d82626200e6ca898c16eb9e
                • Instruction Fuzzy Hash: B3411132E00206CBD7299F5CC888A9EBBB6FB94704F14C06AD9519B665C736D882CFD5
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 35922b88d3a96113ba22457951e1c211ca001b5835a26a3ad3232acf7ab3f91d
                • Instruction ID: 577a2b310cdbc86aa697aaa39870bd12d870f85f147d0f652917ec3d64ecd94f
                • Opcode Fuzzy Hash: 35922b88d3a96113ba22457951e1c211ca001b5835a26a3ad3232acf7ab3f91d
                • Instruction Fuzzy Hash: DD4146315083069AD312DF698841AAFB7E8BF88A94F44092FF9C0D7250E761DE058BA3
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: aca5c24345a93ea2caf23b58d8090f777e3d30a522e671c074ccb5bb6be013b0
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 4E412B31B04212DBEB51FF6884417BEB7A5EB50BA4F1580AEF9C5AB341D6329D41CF90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cdf04322b8436a6102bf04683eeb7b79320f9327755746d36147242c54439bb
                • Instruction ID: f7647b28ca2c7ea6e6ef1caa96ad52660519cba845ba7de545dfde03e3bfe183
                • Opcode Fuzzy Hash: 8cdf04322b8436a6102bf04683eeb7b79320f9327755746d36147242c54439bb
                • Instruction Fuzzy Hash: 30417CB1A40701EFD721EF18C840B6ABBF4FF59714F24866AE489CB251E771E942CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: b52ed663810faad43607309d57d5ba5c84c7edab56b9d49be03d12c73f10be46
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: 87411671A00609EFDB24CF98C990AAEBBF4FF18700B50496DE596DB694D730AA44CF94
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a87493f421e95783076a53afc8f8ed76c75bd82784eea934b735627e8fef8aa7
                • Instruction ID: 6861cf24aebc3843674cc4d2098f5a7e41b791a44f07e1d25837b4a34d5d8341
                • Opcode Fuzzy Hash: a87493f421e95783076a53afc8f8ed76c75bd82784eea934b735627e8fef8aa7
                • Instruction Fuzzy Hash: B241D3B1901705CFCB65EF28CA40B99B7F6FF48710F1081AEC5969B2A1EB30A981CF55
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 93f98e80112c4a0a8e38f7163f7386bc6d54fc2985fc9909546cbbe0db666fe0
                • Instruction ID: d2fef704d013463614ffdc873369ca79a2654860e94fa1588883076b519aeb12
                • Opcode Fuzzy Hash: 93f98e80112c4a0a8e38f7163f7386bc6d54fc2985fc9909546cbbe0db666fe0
                • Instruction Fuzzy Hash: AF318BB2A01345DFEB56CF98C540799BBF0FB09728F2181AED159EB251D7369902CF90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb5a7f82d0d01541383732aaf7f6e02db9bb11750352732844c6b21ce8a91e78
                • Instruction ID: 4c4793bddcd295dc94675e9567db54fc00f8f07a3f5f1123e07dcddb191d4b90
                • Opcode Fuzzy Hash: eb5a7f82d0d01541383732aaf7f6e02db9bb11750352732844c6b21ce8a91e78
                • Instruction Fuzzy Hash: 3841B0715083059FD760DF28C845B9BBBE8FF88664F004A2EF6E8C7251D7309905CB92
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6cc62e4de55ea8a2f66af58b603136ecee526f4eff65a747f9eb0cbf7d94cc0a
                • Instruction ID: 63e4d79ea4012c039f64788ac077da7ad6abcffb087af8a2e144bf2403af78b8
                • Opcode Fuzzy Hash: 6cc62e4de55ea8a2f66af58b603136ecee526f4eff65a747f9eb0cbf7d94cc0a
                • Instruction Fuzzy Hash: A841CE71E0561AEFDB11DF58C880AACB7FDBF54760F14C26AD895AB280DB34ED418B90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97e13384f1441370200500e1f0c5e217d649ce91c74afacbd0211acfcbc24ce1
                • Instruction ID: e6e0faad365d406b4ded48c1bd8f6912f5024d25d0f6ebadcc2b391591feb556
                • Opcode Fuzzy Hash: 97e13384f1441370200500e1f0c5e217d649ce91c74afacbd0211acfcbc24ce1
                • Instruction Fuzzy Hash: 6E41C6726086469FC310DF68C851AAAB7E6FFC8700F14465DFAD4D7685E730E904C7A5
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 020f3ebba68867284bfe541a6f00df9f12e1535d2ff0f9c2ee27d1e80ec72272
                • Instruction ID: 992d05f9011bdc1691277e1f50cb2d583f0467b368da07f16d73bbdebfb44002
                • Opcode Fuzzy Hash: 020f3ebba68867284bfe541a6f00df9f12e1535d2ff0f9c2ee27d1e80ec72272
                • Instruction Fuzzy Hash: 5E410270A043068BD725DF2CD884B6ABBE9FF80360F1444ADE6D5CB2A1DB30D851CB95
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d38ae874d085cfc269e72cedb764ab80d5e95b893fc5ca11a04d8cf70f98b439
                • Instruction ID: 9d347838b9d55a915e1fb8febfd33f6477dff17dabb9e8fdb9f901bcf04458f7
                • Opcode Fuzzy Hash: d38ae874d085cfc269e72cedb764ab80d5e95b893fc5ca11a04d8cf70f98b439
                • Instruction Fuzzy Hash: 89418CB1A01709CFCB15CF69C98099DBBF5BF98720B20C66ED5A6A72A0DB349941CF40
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: 048107fb5a11fa865c3555a5ff8531ff73de0f2c70a8a4715344fbfd495b854a
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: 25312571A08245AFDB52AB68CC40BDFBBECAF14350F0481B5F8D5D7356C6749888CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 994f23a9876ba6cc0a2d58b291fa02088821c1ede3dcf6088d0656828e9ab71e
                • Instruction ID: 60cecf7d263c01f43cd39f7e60302247b1cbe80ef039551d02f110658cecf7d1
                • Opcode Fuzzy Hash: 994f23a9876ba6cc0a2d58b291fa02088821c1ede3dcf6088d0656828e9ab71e
                • Instruction Fuzzy Hash: CF31B87578171AABDB26AF958C40FEBB6A8AB59B50F000034FA40EB695CB64DC0087A0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa0251d9f1d46ccba763eb4c42f04528a9a402c978c880805679ee7ed51c4a85
                • Instruction ID: 316af019ea201292a8d0ba21380a717129bca9bd376e131926fd148abf9033ff
                • Opcode Fuzzy Hash: fa0251d9f1d46ccba763eb4c42f04528a9a402c978c880805679ee7ed51c4a85
                • Instruction Fuzzy Hash: F0310472205621CFC329DF1DD880E6ABBE5FB81360F0A447DE9958BA65D731E860CB91
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e3f567d7d65865bac3ee1c92c158a262c3f8192a3df001f9097f9264e9187c0
                • Instruction ID: e178bb8e25f5cd6c73c77630dc041136f510d2ed9e884a6e99fe4d2bef38fd09
                • Opcode Fuzzy Hash: 2e3f567d7d65865bac3ee1c92c158a262c3f8192a3df001f9097f9264e9187c0
                • Instruction Fuzzy Hash: CA41B971601B059FC722CF28C880FEABBE9AB49314F018469E6DA8B250CB70E840CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: 6fc74b712a3c494acb4b470c3a6aa6b44271c102f201e8d047e6d1c9e22f75a6
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: 2A11E5716057C39BEB23AB2CD954B697BD4AF40B48F1900E0DEC28B652F728DC43D251
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: ef89c238b291611a28061194ca1dcf82f6062abd9ef46a007593d80938def78d
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: C701C032600205AFE7219B58CC02B9ABAE9FF84750F268068EB859B670E771DD40C790
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: efb50f69ad0bacc46c1db9c4e10b8995048579a942675e6ae8841a0dd579f444
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 33010431644722DBCB619F1DD840A6A7BE8EB55770700856DF8D6AB281C331D400CB60
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e58aaea5c238744aeb44ae391366a633b2f45ce5f17d777c421ac91692c260ec
                • Instruction ID: 7f4f96242ace97e5a2ee012d04ca7c9670add67dd97b4d74d23ec3e8cb8ef9be
                • Opcode Fuzzy Hash: e58aaea5c238744aeb44ae391366a633b2f45ce5f17d777c421ac91692c260ec
                • Instruction Fuzzy Hash: 730145774412019FC73AEF1CD800F52B7A8EB99B70B254225E9A89B5A2F730DC01DBD0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88675f186a1d31b454c4ad701ad762efbcd3e88b0825d04696c8eef6ab6b4905
                • Instruction ID: 21da0fc1d361653801df927a4cdda913427fbe43e3757f41008689238e4714ce
                • Opcode Fuzzy Hash: 88675f186a1d31b454c4ad701ad762efbcd3e88b0825d04696c8eef6ab6b4905
                • Instruction Fuzzy Hash: 3011ED32641205EFCB26EF19CC80F86BBB8FF54B44F2000A8FA458B2A1C231ED00CA90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49e822d47ed6cc0d4c06d16a3b9430c60b19356fe8b61ff99c5209a974e82b3a
                • Instruction ID: b39da96869b0411cfaa2ad6270fe3134c4d1f79d823d4b21dc713866b7bb43b4
                • Opcode Fuzzy Hash: 49e822d47ed6cc0d4c06d16a3b9430c60b19356fe8b61ff99c5209a974e82b3a
                • Instruction Fuzzy Hash: A2117070941629ABEF65EF64CD81FE9B3B4BF04710F5041D4A369A61E0DB71AE81CF84
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c712053b48a47588deb7b8acbcf1c4ee6d43698d9d553a22c0efc913751f80b1
                • Instruction ID: c08b40331f7444205d69f77562fb28db1ee90faf1ae77f8c73f3a228ff88b67d
                • Opcode Fuzzy Hash: c712053b48a47588deb7b8acbcf1c4ee6d43698d9d553a22c0efc913751f80b1
                • Instruction Fuzzy Hash: 12111772900019ABCB15DB94CC84DEFBBBCEF58254F044166E946E7211EA35AA55CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: ad047cd6feb417c0191725c0515fe24ca50a4322ac4b49d985e7e2c4fae24a1f
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 0101F532A002018BDF569A6DD880B9A77A7BFC4B00F5581A9ED858F247DA71D881C7E0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc0e4eef0b36ccf48c9d5bc1139fdebc91a7059c0494f1081b17df47f545cb2a
                • Instruction ID: 741d6c40998b6978acb187461c914a57c477099ee9eb1c12b4edb84cf1120475
                • Opcode Fuzzy Hash: cc0e4eef0b36ccf48c9d5bc1139fdebc91a7059c0494f1081b17df47f545cb2a
                • Instruction Fuzzy Hash: 3A110832A041459FC30ACF18D800BA5B7B5FB5A344F088159E844CF395D772EC80CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 307f8030af92bec9285b62a4a4793ab1b05a38519c89361d64987da663475d3a
                • Instruction ID: 7bc3e59f2f3f6f3151275c41dab22dc4f2fceb08f3b0386281c8bec33e1511d9
                • Opcode Fuzzy Hash: 307f8030af92bec9285b62a4a4793ab1b05a38519c89361d64987da663475d3a
                • Instruction Fuzzy Hash: 8711E8B1A0020D9BCB04DFA9D581AAEBBF8FF58650F10806AF945E7351D674EE018BA4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e4ebb4f5b686d24dec0d4b761acf844c20e97af9c783183b346f93a97b1b9d96
                • Instruction ID: 84d65862bb199502a105c74966074465a1c80a422acbbd7525d54be7da8505d1
                • Opcode Fuzzy Hash: e4ebb4f5b686d24dec0d4b761acf844c20e97af9c783183b346f93a97b1b9d96
                • Instruction Fuzzy Hash: 2E01D4321422119BC73BBB599440DBAFBF9FF51660B05843EEA956B611CB31DC81CBA1
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: 0ded038a752dc36ff0a37f06239cbe35b9051eda91beca1f3f0a81a9dd9d3cc6
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 320128322007059FFB22A7A9CA00FAB77EDFFD5610F44846DA6C68B940DA70E402CF90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 43791a695ccbbbcda2c3f4869c991df30914b1a733e851546275324bd2115285
                • Instruction ID: 19547efd7d67bec8bf35b15559eeed085c4e0fe87ef0387a3c15db6e219b48ff
                • Opcode Fuzzy Hash: 43791a695ccbbbcda2c3f4869c991df30914b1a733e851546275324bd2115285
                • Instruction Fuzzy Hash: 54116D35A0020DEFDB05EF64C895EEE7BB5EB58740F004499F9529B250D635EE11CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afbfeb43abe0bf8d692e6461f952764ae0aca854c9352b003468b13264feeef2
                • Instruction ID: b1a769d88640e6c2586d8fe969fd258954af51dd293cf55cf9618f215a70ae37
                • Opcode Fuzzy Hash: afbfeb43abe0bf8d692e6461f952764ae0aca854c9352b003468b13264feeef2
                • Instruction Fuzzy Hash: 2101DFB1200A06BFC711BB7ECD80E97BBECFB946A4B000629B18593951DB24EC11C6B0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8066d9d9287848c18a659fbaca06ab9d4da149472e1b35050f06f24c5670dc77
                • Instruction ID: 3b6d0e7a7de18e00c1364e9ec7d138fe0d0b98b2ae97f4f8de67750bcac56886
                • Opcode Fuzzy Hash: 8066d9d9287848c18a659fbaca06ab9d4da149472e1b35050f06f24c5670dc77
                • Instruction Fuzzy Hash: 2601FC32614316DBC329FF6DD8889A7BBA8FF98660F114129E9598B1C0E7309951C7D1
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb3c354f9edd0c1167ef02ed3d6c14d1574971d85d254fc3b5912aa4a906a643
                • Instruction ID: ff33beb429ba5d62ea3f9a17174e37c5fd25bb9eb678b906b92b6a15259a43a8
                • Opcode Fuzzy Hash: eb3c354f9edd0c1167ef02ed3d6c14d1574971d85d254fc3b5912aa4a906a643
                • Instruction Fuzzy Hash: B5115B71A0020DABDB15EF68C946EEE7BB5FB88640F004059FE9297350DA35EE11CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5356408cf42489289c12812fcbc9e144c34974980292bf8052a1a27185302613
                • Instruction ID: 3bcf83fc2c1cf6d6bed7aa88781ebe7a46af8d99f4394a7bae081d091713fda8
                • Opcode Fuzzy Hash: 5356408cf42489289c12812fcbc9e144c34974980292bf8052a1a27185302613
                • Instruction Fuzzy Hash: 57115BB16183099FC700DF69D54699BBBE4FF98710F00856EFA98D7391E630E900CBA6
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 862aefc8cc8013420b8f522b4b116af5b3ed3538f7a4ec22ad2d476b4ac17d59
                • Instruction ID: ebea834478503c4b8e2077e33c1d43a1d07d1f65c13840376dce7a0f7267936f
                • Opcode Fuzzy Hash: 862aefc8cc8013420b8f522b4b116af5b3ed3538f7a4ec22ad2d476b4ac17d59
                • Instruction Fuzzy Hash: C9118BB16183099FC300DF69D44299BBBE4FF99750F00852EFA98D73A0E630E900CB96
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction ID: 97a518eef94e6fa6c17b9a8d366268aab5b24ce25634967bf86bcf9137872ad5
                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction Fuzzy Hash: FC01FC362046059FD729DA6DD844F97B7E6FFC5A10F144819E6838BA90DF70F841C754
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: 1d06d4ee7d4d15405876aea09dfc71783aadd2583c347d727c71d76a26bc9468
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: CB01D4312045809FE322A71CC908F2A7BD8EF45B48F0944E5FAC5CB691C778DC81CA25
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e70b39e6119667c6b67bf89c6206b87c33e900a5d806848ce586cba280f8f5d4
                • Instruction ID: ea64c92594911e00132b6f728997f3f3b2acd286209e0eaabbaf89ed5de4cb5e
                • Opcode Fuzzy Hash: e70b39e6119667c6b67bf89c6206b87c33e900a5d806848ce586cba280f8f5d4
                • Instruction Fuzzy Hash: EC01A271B1060ADBD758EB6ADC41AEEBBEDFF90610F15C06ADA41E7680DE70DD02C690
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: bd2228514d4e6e3fe25aef343451f58f4d512f6ef3a2281c0c49657ff6fa3533
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: C8E0D8723006012BE712AF59CCC4FC777AEDFD6B10F040079B6445F291CAE2DC0982A4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: b4662cf5cf565b8437c90c9cfeff304cf92ee9280a866f9e6e6769ba49dac222
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 8BF030729442049FE32ADF09DD44F52B7F8EB05364F56C025E6099B5A1D3BAEC50CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: 97aa8b43e947337265a356f9e08f9c40c467b36f4626faefeeab80c1921ae508
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: F9F0E539A043859FDB16DF19D040AADBFE4FB46750B000098F8C28B301D731E982DF54
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: ed0b04aaad20beba1f8874478ea9cc987d0bad633d4b288704a36b64a51fe2c5
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: F3E0D836244145ABD3212A99CC10B6A77E5DBF47A0F990429E2C1DB150DBF0DC40C7D8
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 57d488d017735eb0c0f4fa57beba022193a2809eb71c9cef34e635cabe8be6bd
                • Instruction ID: 5e4f4e92daf52eebe856de6433113af373ebb482488dc7f193d9b259819479ec
                • Opcode Fuzzy Hash: 57d488d017735eb0c0f4fa57beba022193a2809eb71c9cef34e635cabe8be6bd
                • Instruction Fuzzy Hash: 38F02239A2AAA18FE77AD72CE280F5277E0AF10E30F1A09A4D44087D12C334FC80C650
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: a42cbb39d6477fd17ee28d445efee96bbadfaff8a76d842f4526a85de9ddd625
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 92E0DF32A01510BBDB25A7998D01FDABEACDB94FA0F050064F600E70D8E6B0DE00C6D0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction ID: 937526264ce9cc2066699a45703ef2e3a7766a8b1c78205926e10d784e78cc25
                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction Fuzzy Hash: 4AE09B31A403559BDB298A2FC250AD3B7E8DF9DA64F15806DEF0547612C331F842C6D0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6cf4e70b31aa5375d23a9140e214851e7bd164ac8d22fec66ad405c585111960
                • Instruction ID: b3739c0fabd8e551b52a1485233a417db64929c9e345159072d27e6a208163b4
                • Opcode Fuzzy Hash: 6cf4e70b31aa5375d23a9140e214851e7bd164ac8d22fec66ad405c585111960
                • Instruction Fuzzy Hash: 1CE092721005549BC722BF29DD01FCA779AEBA4760F014525F195971A0CA30AC50C788
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: f8af8ba07c79a4aff7c7828978a6c9b60b671e03027a3d08345125030faa3617
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: DFE09231010661DFEB3A6F2ADD48B92BBE0BF50711F188C2CE1D6028B0C774E8D0CA40
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 11c0a9079787680cfdd3063566830a323b87bbbaa309b9ae071ef8002502803e
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 6BE0AE343002058BE755CF19C045B627BA6BFD5A10F28C0A8AA888F605EB32A8428A40
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e270776cdec471c8b24c0e2aca4329bd87b93fe48470f30d85c8847cb7d02f0
                • Instruction ID: be7226ef729c89317cf08e6f6ac1f961a1a2792ec5f6fd0e63aa880f37196f87
                • Opcode Fuzzy Hash: 9e270776cdec471c8b24c0e2aca4329bd87b93fe48470f30d85c8847cb7d02f0
                • Instruction Fuzzy Hash: 7DD02B324890206EDF79F158BD24FF33A9D9B64724F0748B0F18892020D524CC8192C4
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: e093867d49ca053f5114ad5e8a8edf31609db871a35c86b1985c72a8fdff6c48
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 64E0C231044B26EFDB322F15DC00FD676E9FFA8F50F10886AE0C11A0A48BB0AC81CB44
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6a4c5e4c8c5e3d0489b7f2f906497154a2a57730f7c62fa9db6e1474fc89732
                • Instruction ID: eb619007865fa86f558fe168117d1b411df39b29e40a0e47098aa9f3a5f19a8c
                • Opcode Fuzzy Hash: c6a4c5e4c8c5e3d0489b7f2f906497154a2a57730f7c62fa9db6e1474fc89732
                • Instruction Fuzzy Hash: 9AE0C232100464ABC311FF5DED00F8A739EEFA4660F004121F1908B2A0CA60EC40C798
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 1836efdae3cd203695506fcedf51aca049a5b6a030632eba925290076d3cdf16
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: 43E02633110A0487C328EE58C421B7277E4EF44720F08823EA65347380C530E804C794
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: 19a7e1eb458f5a6a9d37508ef7cc89a264e93c83b525f70ecdb7f40a084cc900
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 34D05E36511A50AFC3329F1BEA00C53BBF9FBC4E10705066EA58683A20C671E806CFA0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: 3f409bfef2f89c45564640afee87c0b3303385844ab21932c471f02840948719
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: F5D0A932608624AFDB72AA1DFC04FC333E9BB88B20F060499B098CB150C360EC81CA84
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: e6545d8800c65bde6e252fdf916b7672dd47787bac1170517824ba5202a95ae0
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: EFE01275950788AFDF52EF5AD644F9EBBF9FB94B40F150094A1885F660C634ED00CB40
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: c3b1c393e10d8474d89293e295564fd6344b99da4e6126650bd750e3caba2bc0
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 0CD02232316030D7DB2876556800FA77949ABC0A94F0A006C784AA7800C4048C82C2E0
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: 7eac68a437a313a1f3b8e3747a18b6dd8898dba78b526b70bccde27bfe2e1db1
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: F9D012771D055DBBCB11AF66DC01F957BA9E7A4BA0F444020B5448B5A0C63AE950D684
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcd8a80f6d7c7582e801cc0259975b600bbad2ea136e5c81dfb254ead143362b
                • Instruction ID: 4394415a106e809e881e8525bffdff04fb30b8aaa71e9e7c4a1dd2fe21f64487
                • Opcode Fuzzy Hash: bcd8a80f6d7c7582e801cc0259975b600bbad2ea136e5c81dfb254ead143362b
                • Instruction Fuzzy Hash: 7FD05E755064458FEF1ADF49C62897E36F0EB20640B8040A8E68055120D325DC41C600
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 2601c87166facb2326646478cc7e9a7b38e219aae2e0135e226b6aea2dc6e63f
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 5CD09235316A80CFD75A8B0CC5A4B1533E4BB44A44F8104D0E481CBB66D668D944CA00
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: 1b6a2711b2ed517bed32762723ad822434965904018acdc045984a889d17ecdf
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: B1C01232294648AFC712AA99CD01F427BA9EBA8B40F000021F2048B670C631E820EA84
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: 29b5eac35611b5ab52004cac5a12e59e06ed1d719f2f4f09e362f90200606fbe
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: 5FD01236100248EFCB01DF41C890D9A772EFBD8710F50C019FD19076148A31ED62DA50
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: dd97cb9a1ebcfd2523f114b3be5efe675f3c0e66e2dd6792a9d5a2b69de64b89
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: 27C002756016458BCF15EB19D294A4977E4B744B40F150890E9858B621E624E801CA10
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf27854af2e7990a1d8a0d92216ae686986620c2cf4609c94d4096424490d38e
                • Instruction ID: 5284dcecadd65b996af53148217a37a92ed4f8c1574d9050b4561b3ec2ad6468
                • Opcode Fuzzy Hash: bf27854af2e7990a1d8a0d92216ae686986620c2cf4609c94d4096424490d38e
                • Instruction Fuzzy Hash: 4290023160580012A140725D888454A4005A7E0701B55C016E0824554CCA158A565765
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 506349edf131bf0b52922249acb8ad292f40ad8dc7a8fbd58bb494aba3a192a3
                • Instruction ID: a56a9c5f9d8aad838144cbbe4521b8c388e3168beee6cbafe887812905748a49
                • Opcode Fuzzy Hash: 506349edf131bf0b52922249acb8ad292f40ad8dc7a8fbd58bb494aba3a192a3
                • Instruction Fuzzy Hash: 61900261601500425140725D880440A6005A7E1701395C11AA0954560CC6198955976D
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 638606f5c95f690da578210d526050f145187903adc012f2256289d122396d56
                • Instruction ID: 0b01fb89fa0c257ed0249fcd29d6ba7077025229e61a3e554f26bc5f6f9c2503
                • Opcode Fuzzy Hash: 638606f5c95f690da578210d526050f145187903adc012f2256289d122396d56
                • Instruction Fuzzy Hash: 8B900261202400035105725D841461A400A97E0601B55C026E1414590DC52689916629
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4c2ffc95531ce531fe5aec85e5ebe15a7273e34cf8f93ad2459e440aad6154ae
                • Instruction ID: 1500468bca445a02e32dd2fa8117d7952ec9678b872dc769d89932d626f25e37
                • Opcode Fuzzy Hash: 4c2ffc95531ce531fe5aec85e5ebe15a7273e34cf8f93ad2459e440aad6154ae
                • Instruction Fuzzy Hash: 7290023120140802E104725D880468A000597D0701F55C016A6424655ED66689917635
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 673f3fe6929030f3797d7f99afeb9ca2e2689d8ee6dae213bff75b947f4a1489
                • Instruction ID: 9384f20161f61bc09b16622582bdcd27d93f792134752eacf756dd16e4a37440
                • Opcode Fuzzy Hash: 673f3fe6929030f3797d7f99afeb9ca2e2689d8ee6dae213bff75b947f4a1489
                • Instruction Fuzzy Hash: DE90023160540802E150725D841474A000597D0701F55C016A0424654DC7568B557BA5
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cd5b2bf4778ef20d1a3e647cac08832e8d666e03a474c9fd9c4cc844643eaa9c
                • Instruction ID: 1f7c6bc6df4e0b78745826bcdc43b5d20a5bf5f15b0de309e1788582caf60ad9
                • Opcode Fuzzy Hash: cd5b2bf4778ef20d1a3e647cac08832e8d666e03a474c9fd9c4cc844643eaa9c
                • Instruction Fuzzy Hash: EC90023120544842E140725D8404A4A001597D0705F55C016A0464694DD6268E55BB65
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23320d435dbf034d45e2f19bef4394d7094352caf8842bedb620a263382633ee
                • Instruction ID: 8a9b410e965f3b0af15821b7d7e00f4ab8b07fccdef7ba02a2095d07cc0a4f2f
                • Opcode Fuzzy Hash: 23320d435dbf034d45e2f19bef4394d7094352caf8842bedb620a263382633ee
                • Instruction Fuzzy Hash: 7B90023120140802E180725D840464E000597D1701F95C01AA0425654DCA168B597BA5
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61198967b95cd02b7b5f58679e4988b2954f6de3c3966642a3d06495f772428e
                • Instruction ID: bca58a3bde6f72f6c87a201aa824a8e2b27ef2c5a0a21cff2c71c38398e6d83f
                • Opcode Fuzzy Hash: 61198967b95cd02b7b5f58679e4988b2954f6de3c3966642a3d06495f772428e
                • Instruction Fuzzy Hash: F39002A1201540925500B35DC404B0E450597E0601B55C01BE1454560CC52689519639
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c28dab73d905ddb071183dcea48fd04a5c400757a6d722ad129e8ffb8ba445d1
                • Instruction ID: 79568712a06ef6592e11e18d5fca9ed775032a7159d133727d60325bfebda37a
                • Opcode Fuzzy Hash: c28dab73d905ddb071183dcea48fd04a5c400757a6d722ad129e8ffb8ba445d1
                • Instruction Fuzzy Hash: 96900435311400031105F75D470450F0047D7D5751355C037F1415550CD733CD715735
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1040000_ztcrKv3zFz.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 920ef968b4111e322d234257f6175ddc041310ff80a87846e030604460da03b3
                • Instruction ID: a126e7e98b394f6915164d44526c4b7cd0b792b0680ef485cb6e0ff194d9558f
                • Opcode Fuzzy Hash: 920ef968b4111e322d234257f6175ddc041310ff80a87846e030604460da03b3
                • Instruction Fuzzy Hash: C2900225221400021145B65D460450F0445A7D6751395C01AF1816590CC62289655725
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                Strings
                • Execute=1, xrefs: 010E4713
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010E4742
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 010E4787
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010E4655
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010E46FC
                • ExecuteOptions, xrefs: 010E46A0
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 010E4725
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010E02BD
                • RTL: Re-Waiting, xrefs: 010E031E
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010E02E7
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                Strings
                • RTL: Resource at %p, xrefs: 010E7B8E
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 010E7B7F
                • RTL: Re-Waiting, xrefs: 010E7BAC
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010E728C
                Strings
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 010E7294
                • RTL: Resource at %p, xrefs: 010E72A3
                • RTL: Re-Waiting, xrefs: 010E72C1
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1935767401.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280