Windows Analysis Report
wOBmA8bj8d.exe

Overview

General Information

Sample name:wOBmA8bj8d.exe
renamed because original name is a hash value
Original sample name:907ff2758c6ec2890d8104c1e6b0b0cf367b5778e8f7947952b9e9ade62d97ed.exe
Analysis ID:1588584
MD5:a81c16543d1f97c790541810704c3e15
SHA1:406ac745f2d77888b77dccf7f182de70006688a2
SHA256:907ff2758c6ec2890d8104c1e6b0b0cf367b5778e8f7947952b9e9ade62d97ed
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • wOBmA8bj8d.exe (PID: 7752 cmdline: "C:\Users\user\Desktop\wOBmA8bj8d.exe" MD5: A81C16543D1F97C790541810704C3E15)
    • wOBmA8bj8d.exe (PID: 7932 cmdline: "C:\Users\user\Desktop\wOBmA8bj8d.exe" MD5: A81C16543D1F97C790541810704C3E15)
  • cleanup
No configs have been found
Source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_FormBook_1 | Description: Yara detected FormBook | Author: Joe Security
Source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_FormBook_1 | Description: Yara detected FormBook | Author: Joe Security
Source: 3.2.wOBmA8bj8d.exe.400000.0.unpack | Rule: JoeSecurity_FormBook_1 | Description: Yara detected FormBook | Author: Joe Security
Source: 3.2.wOBmA8bj8d.exe.400000.0.raw.unpack | Rule: JoeSecurity_FormBook_1 | Description: Yara detected FormBook | Author: Joe Security
No Sigma rule has matched
No Suricata rule has matched


          AV Detection

          Source: wOBmA8bj8d.exeVirustotal: Detection: 65%
          Source: wOBmA8bj8d.exeReversingLabs: Detection: 75%
          Source: Yara matchFile source: 3.2.wOBmA8bj8d.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.wOBmA8bj8d.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: wOBmA8bj8d.exeJoe Sandbox ML: detected
          Source: wOBmA8bj8d.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: wOBmA8bj8d.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: wOBmA8bj8d.exe, 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: wOBmA8bj8d.exe, wOBmA8bj8d.exe, 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 4x nop then jmp 0998DAA2h0_2_0998DBA2
          Source: wOBmA8bj8d.exeString found in binary or memory: http://www.elderscrolls.com/skyrim/character
          Source: wOBmA8bj8d.exeString found in binary or memory: http://www.elderscrolls.com/skyrim/characterT
          Source: wOBmA8bj8d.exe, 00000000.00000002.1347152991.0000000002D3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.elderscrolls.com/skyrim/player

          E-Banking Fraud

          Source: Yara matchFile source: 3.2.wOBmA8bj8d.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.wOBmA8bj8d.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0042C953 NtClose,3_2_0042C953
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152B60 NtClose,LdrInitializeThunk,3_2_01152B60
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01152DF0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01152C70
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011535C0 NtCreateMutant,LdrInitializeThunk,3_2_011535C0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01154340 NtSetContextThread,3_2_01154340
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01154650 NtSuspendThread,3_2_01154650
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152B80 NtQueryInformationFile,3_2_01152B80
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152BA0 NtEnumerateValueKey,3_2_01152BA0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152BF0 NtAllocateVirtualMemory,3_2_01152BF0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152BE0 NtQueryValueKey,3_2_01152BE0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152AB0 NtWaitForSingleObject,3_2_01152AB0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152AD0 NtReadFile,3_2_01152AD0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152AF0 NtWriteFile,3_2_01152AF0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152D10 NtMapViewOfSection,3_2_01152D10
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152D00 NtSetInformationFile,3_2_01152D00
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152D30 NtUnmapViewOfSection,3_2_01152D30
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152DB0 NtEnumerateKey,3_2_01152DB0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152DD0 NtDelayExecution,3_2_01152DD0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152C00 NtQueryInformationProcess,3_2_01152C00
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152C60 NtCreateKey,3_2_01152C60
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152CA0 NtQueryInformationToken,3_2_01152CA0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152CC0 NtQueryVirtualMemory,3_2_01152CC0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152CF0 NtOpenProcess,3_2_01152CF0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152F30 NtCreateSection,3_2_01152F30
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152F60 NtCreateProcessEx,3_2_01152F60
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152F90 NtProtectVirtualMemory,3_2_01152F90
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152FB0 NtResumeThread,3_2_01152FB0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152FA0 NtQuerySection,3_2_01152FA0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152FE0 NtCreateFile,3_2_01152FE0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152E30 NtWriteVirtualMemory,3_2_01152E30
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152E80 NtReadVirtualMemory,3_2_01152E80
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152EA0 NtAdjustPrivilegesToken,3_2_01152EA0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152EE0 NtQueueApcThread,3_2_01152EE0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01153010 NtOpenDirectoryObject,3_2_01153010
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01153090 NtSetValueKey,3_2_01153090
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011539B0 NtGetContextThread,3_2_011539B0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01153D10 NtOpenProcessToken,3_2_01153D10
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01153D70 NtOpenThread,3_2_01153D70
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: String function: 0119F290 appears 105 times
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: String function: 01167E54 appears 100 times
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: String function: 0110B970 appears 283 times
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: String function: 01155130 appears 58 times
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: String function: 0118EA12 appears 86 times
          Source: wOBmA8bj8d.exe, 00000000.00000002.1346251779.0000000000FDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000000.00000002.1368442802.0000000009C90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000000.00000002.1367605261.0000000007B10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000000.00000002.1363124856.0000000004539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000000.00000002.1347152991.0000000002D8C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000000.00000000.1312713225.0000000000992000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameasGhj.exeL vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exe, 00000003.00000002.1911860198.000000000120D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exeBinary or memory string: OriginalFilenameasGhj.exeL vs wOBmA8bj8d.exe
          Source: wOBmA8bj8d.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal68.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wOBmA8bj8d.exe.log
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeMutant created: NULL
          Source: wOBmA8bj8d.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\wOBmA8bj8d.exe "C:\Users\user\Desktop\wOBmA8bj8d.exe"
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeProcess created: C:\Users\user\Desktop\wOBmA8bj8d.exe "C:\Users\user\Desktop\wOBmA8bj8d.exe"
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeSection loaded: iconcodecservice.dll
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: wOBmA8bj8d.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_004031D0 push eax; ret 3_2_004031D2
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_004169E7 push 0F6CFD2Bh; ret 3_2_00416A18
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00423A0A push esp; ret 3_2_00423A0D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00419359 push ds; ret 3_2_0041935B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00408325 push dword ptr [ebx+5Dh]; ret 3_2_0040830B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00417388 push edi; ret 3_2_0041738D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00419477 push edx; ret 3_2_00419485
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00408403 push 00000074h; iretd 3_2_0040840B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00417411 push eax; ret 3_2_00417414
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00411D6F push ds; iretd 3_2_00411DBD
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00411D7B push ds; iretd 3_2_00411DBD
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0041758A push ebp; ret 3_2_004175A6
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0040D66A push ecx; iretd 3_2_0040D6D9
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00414E05 push cs; retf 3_2_00414E14
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0040860D push cs; retf 3_2_0040860E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00413E93 pushfd ; ret 3_2_00413F00
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_00413EBC pushfd ; ret 3_2_00413F00
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011109AD push ecx; mov dword ptr [esp], ecx3_2_011109B6
          Source: wOBmA8bj8d.exeStatic PE information: section name: .text entropy: 7.736685802424399
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 2B20000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 2D30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 2B80000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 5330000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 6330000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 6460000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: 7460000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: A200000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: B200000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: B690000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Memory allocated: C690000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Code function: 3_2_0115096E rdtsc 3_2_0115096E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe API coverage: 0.7 %
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe TID: 7772 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe TID: 7936 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Code function: 3_2_00417B63 LdrLoadDll, 3_2_00417B63
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe Code function: 3_2_011BA118 mov ecx, dword ptr fs:[00000030h] 3_2_011BA118
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A5D0 mov eax, dword ptr fs:[00000030h]3_2_0114A5D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E5CF mov eax, dword ptr fs:[00000030h]3_2_0114E5CF
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E5CF mov eax, dword ptr fs:[00000030h]3_2_0114E5CF
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011125E0 mov eax, dword ptr fs:[00000030h]3_2_011125E0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E5E7 mov eax, dword ptr fs:[00000030h]3_2_0113E5E7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C5ED mov eax, dword ptr fs:[00000030h]3_2_0114C5ED
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C5ED mov eax, dword ptr fs:[00000030h]3_2_0114C5ED
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01148402 mov eax, dword ptr fs:[00000030h]3_2_01148402
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01148402 mov eax, dword ptr fs:[00000030h]3_2_01148402
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01148402 mov eax, dword ptr fs:[00000030h]3_2_01148402
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A430 mov eax, dword ptr fs:[00000030h]3_2_0114A430
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110E420 mov eax, dword ptr fs:[00000030h]3_2_0110E420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110E420 mov eax, dword ptr fs:[00000030h]3_2_0110E420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110E420 mov eax, dword ptr fs:[00000030h]3_2_0110E420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110C427 mov eax, dword ptr fs:[00000030h]3_2_0110C427
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01196420 mov eax, dword ptr fs:[00000030h]3_2_01196420
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113245A mov eax, dword ptr fs:[00000030h]3_2_0113245A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011CA456 mov eax, dword ptr fs:[00000030h]3_2_011CA456
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110645D mov eax, dword ptr fs:[00000030h]3_2_0110645D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114E443 mov eax, dword ptr fs:[00000030h]3_2_0114E443
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113A470 mov eax, dword ptr fs:[00000030h]3_2_0113A470
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113A470 mov eax, dword ptr fs:[00000030h]3_2_0113A470
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113A470 mov eax, dword ptr fs:[00000030h]3_2_0113A470
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119C460 mov ecx, dword ptr fs:[00000030h]3_2_0119C460
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011CA49A mov eax, dword ptr fs:[00000030h]3_2_011CA49A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011444B0 mov ecx, dword ptr fs:[00000030h]3_2_011444B0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119A4B0 mov eax, dword ptr fs:[00000030h]3_2_0119A4B0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011164AB mov eax, dword ptr fs:[00000030h]3_2_011164AB
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011104E5 mov ecx, dword ptr fs:[00000030h]3_2_011104E5
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01110710 mov eax, dword ptr fs:[00000030h]3_2_01110710
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01140710 mov eax, dword ptr fs:[00000030h]3_2_01140710
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C700 mov eax, dword ptr fs:[00000030h]3_2_0114C700
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114273C mov eax, dword ptr fs:[00000030h]3_2_0114273C
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114273C mov ecx, dword ptr fs:[00000030h]3_2_0114273C
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114273C mov eax, dword ptr fs:[00000030h]3_2_0114273C
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118C730 mov eax, dword ptr fs:[00000030h]3_2_0118C730
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C720 mov eax, dword ptr fs:[00000030h]3_2_0114C720
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C720 mov eax, dword ptr fs:[00000030h]3_2_0114C720
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01110750 mov eax, dword ptr fs:[00000030h]3_2_01110750
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119E75D mov eax, dword ptr fs:[00000030h]3_2_0119E75D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152750 mov eax, dword ptr fs:[00000030h]3_2_01152750
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152750 mov eax, dword ptr fs:[00000030h]3_2_01152750
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01194755 mov eax, dword ptr fs:[00000030h]3_2_01194755
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114674D mov esi, dword ptr fs:[00000030h]3_2_0114674D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114674D mov eax, dword ptr fs:[00000030h]3_2_0114674D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114674D mov eax, dword ptr fs:[00000030h]3_2_0114674D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01118770 mov eax, dword ptr fs:[00000030h]3_2_01118770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120770 mov eax, dword ptr fs:[00000030h]3_2_01120770
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B678E mov eax, dword ptr fs:[00000030h]3_2_011B678E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011C47A0 mov eax, dword ptr fs:[00000030h]3_2_011C47A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011107AF mov eax, dword ptr fs:[00000030h]3_2_011107AF
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111C7C0 mov eax, dword ptr fs:[00000030h]3_2_0111C7C0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011907C3 mov eax, dword ptr fs:[00000030h]3_2_011907C3
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011147FB mov eax, dword ptr fs:[00000030h]3_2_011147FB
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011147FB mov eax, dword ptr fs:[00000030h]3_2_011147FB
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119E7E1 mov eax, dword ptr fs:[00000030h]3_2_0119E7E1
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011327ED mov eax, dword ptr fs:[00000030h]3_2_011327ED
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011327ED mov eax, dword ptr fs:[00000030h]3_2_011327ED
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011327ED mov eax, dword ptr fs:[00000030h]3_2_011327ED
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01152619 mov eax, dword ptr fs:[00000030h]3_2_01152619
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E609 mov eax, dword ptr fs:[00000030h]3_2_0118E609
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112260B mov eax, dword ptr fs:[00000030h]3_2_0112260B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01146620 mov eax, dword ptr fs:[00000030h]3_2_01146620
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01148620 mov eax, dword ptr fs:[00000030h]3_2_01148620
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112E627 mov eax, dword ptr fs:[00000030h]3_2_0112E627
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111262C mov eax, dword ptr fs:[00000030h]3_2_0111262C
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0112C640 mov eax, dword ptr fs:[00000030h]3_2_0112C640
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01142674 mov eax, dword ptr fs:[00000030h]3_2_01142674
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011D866E mov eax, dword ptr fs:[00000030h]3_2_011D866E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011D866E mov eax, dword ptr fs:[00000030h]3_2_011D866E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A660 mov eax, dword ptr fs:[00000030h]3_2_0114A660
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A660 mov eax, dword ptr fs:[00000030h]3_2_0114A660
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01114690 mov eax, dword ptr fs:[00000030h]3_2_01114690
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01114690 mov eax, dword ptr fs:[00000030h]3_2_01114690
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011466B0 mov eax, dword ptr fs:[00000030h]3_2_011466B0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C6A6 mov eax, dword ptr fs:[00000030h]3_2_0114C6A6
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0114A6C7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A6C7 mov eax, dword ptr fs:[00000030h]3_2_0114A6C7
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011906F1 mov eax, dword ptr fs:[00000030h]3_2_011906F1
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011906F1 mov eax, dword ptr fs:[00000030h]3_2_011906F1
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E6F2 mov eax, dword ptr fs:[00000030h]3_2_0118E6F2
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E6F2 mov eax, dword ptr fs:[00000030h]3_2_0118E6F2
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E6F2 mov eax, dword ptr fs:[00000030h]3_2_0118E6F2
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E6F2 mov eax, dword ptr fs:[00000030h]3_2_0118E6F2
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01108918 mov eax, dword ptr fs:[00000030h]3_2_01108918
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01108918 mov eax, dword ptr fs:[00000030h]3_2_01108918
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119C912 mov eax, dword ptr fs:[00000030h]3_2_0119C912
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E908 mov eax, dword ptr fs:[00000030h]3_2_0118E908
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118E908 mov eax, dword ptr fs:[00000030h]3_2_0118E908
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A892B mov eax, dword ptr fs:[00000030h]3_2_011A892B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119892A mov eax, dword ptr fs:[00000030h]3_2_0119892A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01190946 mov eax, dword ptr fs:[00000030h]3_2_01190946
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B4978 mov eax, dword ptr fs:[00000030h]3_2_011B4978
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B4978 mov eax, dword ptr fs:[00000030h]3_2_011B4978
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119C97C mov eax, dword ptr fs:[00000030h]3_2_0119C97C
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01136962 mov eax, dword ptr fs:[00000030h]3_2_01136962
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01136962 mov eax, dword ptr fs:[00000030h]3_2_01136962
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01136962 mov eax, dword ptr fs:[00000030h]3_2_01136962
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0115096E mov eax, dword ptr fs:[00000030h]3_2_0115096E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0115096E mov edx, dword ptr fs:[00000030h]3_2_0115096E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0115096E mov eax, dword ptr fs:[00000030h]3_2_0115096E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011989B3 mov esi, dword ptr fs:[00000030h]3_2_011989B3
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011989B3 mov eax, dword ptr fs:[00000030h]3_2_011989B3
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011989B3 mov eax, dword ptr fs:[00000030h]3_2_011989B3
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011229A0 mov eax, dword ptr fs:[00000030h]3_2_011229A0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011109AD mov eax, dword ptr fs:[00000030h]3_2_011109AD
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011109AD mov eax, dword ptr fs:[00000030h]3_2_011109AD
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0111A9D0 mov eax, dword ptr fs:[00000030h]3_2_0111A9D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011449D0 mov eax, dword ptr fs:[00000030h]3_2_011449D0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011DA9D3 mov eax, dword ptr fs:[00000030h]3_2_011DA9D3
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A69C0 mov eax, dword ptr fs:[00000030h]3_2_011A69C0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011429F9 mov eax, dword ptr fs:[00000030h]3_2_011429F9
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011429F9 mov eax, dword ptr fs:[00000030h]3_2_011429F9
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119E9E0 mov eax, dword ptr fs:[00000030h]3_2_0119E9E0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119C810 mov eax, dword ptr fs:[00000030h]3_2_0119C810
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B483A mov eax, dword ptr fs:[00000030h]3_2_011B483A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B483A mov eax, dword ptr fs:[00000030h]3_2_011B483A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114A830 mov eax, dword ptr fs:[00000030h]3_2_0114A830
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov eax, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov eax, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov eax, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov ecx, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov eax, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01132835 mov eax, dword ptr fs:[00000030h]3_2_01132835
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01140854 mov eax, dword ptr fs:[00000030h]3_2_01140854
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01114859 mov eax, dword ptr fs:[00000030h]3_2_01114859
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01114859 mov eax, dword ptr fs:[00000030h]3_2_01114859
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01122840 mov ecx, dword ptr fs:[00000030h]3_2_01122840
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A6870 mov eax, dword ptr fs:[00000030h]3_2_011A6870
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A6870 mov eax, dword ptr fs:[00000030h]3_2_011A6870
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119E872 mov eax, dword ptr fs:[00000030h]3_2_0119E872
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119E872 mov eax, dword ptr fs:[00000030h]3_2_0119E872
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0119C89D mov eax, dword ptr fs:[00000030h]3_2_0119C89D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01110887 mov eax, dword ptr fs:[00000030h]3_2_01110887
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113E8C0 mov eax, dword ptr fs:[00000030h]3_2_0113E8C0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011E08C0 mov eax, dword ptr fs:[00000030h]3_2_011E08C0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C8F9 mov eax, dword ptr fs:[00000030h]3_2_0114C8F9
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0114C8F9 mov eax, dword ptr fs:[00000030h]3_2_0114C8F9
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011DA8E4 mov eax, dword ptr fs:[00000030h]3_2_011DA8E4
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0118EB1D mov eax, dword ptr fs:[00000030h]3_2_0118EB1D
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113EB20 mov eax, dword ptr fs:[00000030h]3_2_0113EB20
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0113EB20 mov eax, dword ptr fs:[00000030h]3_2_0113EB20
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011D8B28 mov eax, dword ptr fs:[00000030h]3_2_011D8B28
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011D8B28 mov eax, dword ptr fs:[00000030h]3_2_011D8B28
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011BEB50 mov eax, dword ptr fs:[00000030h]3_2_011BEB50
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011C4B4B mov eax, dword ptr fs:[00000030h]3_2_011C4B4B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011C4B4B mov eax, dword ptr fs:[00000030h]3_2_011C4B4B
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011B8B42 mov eax, dword ptr fs:[00000030h]3_2_011B8B42
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A6B40 mov eax, dword ptr fs:[00000030h]3_2_011A6B40
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011A6B40 mov eax, dword ptr fs:[00000030h]3_2_011A6B40
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011DAB40 mov eax, dword ptr fs:[00000030h]3_2_011DAB40
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_0110CB7E mov eax, dword ptr fs:[00000030h]3_2_0110CB7E
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120BBE mov eax, dword ptr fs:[00000030h]3_2_01120BBE
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_01120BBE mov eax, dword ptr fs:[00000030h]3_2_01120BBE
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011C4BB0 mov eax, dword ptr fs:[00000030h]3_2_011C4BB0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exeCode function: 3_2_011C4BB0 mov eax, dword ptr fs:[00000030h]3_2_011C4BB0
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Memory written: C:\Users\user\Desktop\wOBmA8bj8d.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Process created: C:\Users\user\Desktop\wOBmA8bj8d.exe "C:\Users\user\Desktop\wOBmA8bj8d.exe"
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Users\user\Desktop\wOBmA8bj8d.exe VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\wOBmA8bj8d.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 3.2.wOBmA8bj8d.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.wOBmA8bj8d.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match; File source: 3.2.wOBmA8bj8d.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.wOBmA8bj8d.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Source | Detection | Scanner | Label | Link
          wOBmA8bj8d.exe | 65% | Virustotal | | Browse
          wOBmA8bj8d.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
          wOBmA8bj8d.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.elderscrolls.com/skyrim/character | wOBmA8bj8d.exe | false | | high
          http://www.elderscrolls.com/skyrim/characterT | wOBmA8bj8d.exe | false | | high
          http://www.elderscrolls.com/skyrim/player | wOBmA8bj8d.exe, 00000000.00000002.1347152991.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  No contacted IP infos
                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1588584
                  Start date and time:2025-01-11 02:43:22 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 41s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:wOBmA8bj8d.exe
                  renamed because original name is a hash value
                  Original Sample Name:907ff2758c6ec2890d8104c1e6b0b0cf367b5778e8f7947952b9e9ade62d97ed.exe
                  Detection:MAL
                  Classification:mal68.troj.evad.winEXE@3/1@0/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 97%
                  • Number of executed functions: 42
                  • Number of non-executed functions: 276
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 184.28.90.27, 4.175.87.197
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                  • Not all processes were analyzed, report is missing behavior information
                  Time | Type | Description
                  20:44:18 | API Interceptor | 4x Sleep call for process: wOBmA8bj8d.exe modified
                  No context
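                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                  s-part-0017.t-0009.t-msedge.net | KtPCqWWnqM.exe | Get hash | malicious | Unknown | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | kQibsaGS2E.exe | Get hash | malicious | Unknown | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | 1907125702104121563.js | Get hash | malicious | Strela Downloader | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | 2937924646314313784.js | Get hash | malicious | Strela Downloader | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | RdichqztBg.exe | Get hash | malicious | FormBook | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | AraK29dzhH.exe | Get hash | malicious | FormBook | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | YrCSUX2O3I.exe | Get hash | malicious | GuLoader | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ== | Get hash | malicious | Unknown | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | uG3I84bQEr.exe | Get hash | malicious | FormBook | Browse | 13.107.246.45
                  s-part-0017.t-0009.t-msedge.net | 12621132703258916868.js | Get hash | malicious | Strela Downloader | Browse | 13.107.246.45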
                  No context
                  Process:C:\Users\user\Desktop\wOBmA8bj8d.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1216
                  Entropy (8bit):5.34331486778365
                  Encrypted:false
                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                  Malicious:true
                  Reputation:high, very likely benign file
                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Entropy (8bit):7.73172480703287
                  TrID:
                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  • Win32 Executable (generic) a (10002005/4) 49.75%
                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                  • Windows Screen Saver (13104/52) 0.07%
                  • Generic Win/DOS Executable (2004/3) 0.01%
                  File name:wOBmA8bj8d.exe
                  File size:832'000 bytes
                  MD5:a81c16543d1f97c790541810704c3e15
                  SHA1:406ac745f2d77888b77dccf7f182de70006688a2
                  SHA256:907ff2758c6ec2890d8104c1e6b0b0cf367b5778e8f7947952b9e9ade62d97ed
                  SHA512:ab891ba77a59741f23ecb55fbd62b68e80474be7a689c3d11c1fec06f37a191b1fa0f51fc78fe4fb797c63a22264622fef92b51b63495d1ef26c8ae80692231e
                  SSDEEP:12288:r1yMXt2IPms4e0kRgSm0EyRxXiYyddYzT/BCQAbajs15xAWMCgIRj6AK4Etf0TYs:r1yNIOeG/CXiTdcT/Btw5MKWJ3q
                  TLSH:0705E09C7650F48FC943CA358E60FD74AA546DBA9307D203AAD72DEFF91D8568E040E2
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q.Qg..............0.................. ........@.. ....................................@................................
                  Icon Hash:0697f0b9b0b1d827
                  Entrypoint:0x4cb09e
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Time Stamp:0x67511D71 [Thu Dec 5 03:26:41 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                  Instruction
                  jmp dword ptr [00402000h]
                  add byte ptr [eax], al
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcb04c | 0x4f | .text
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x1bb0 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0xc | .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x2000 | 0xc90a4 | 0xc9200 | b79445a342366a53294c16d0175344bf | False | 0.8876558615599751 | data | 7.736685802424399 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rsrc | 0xcc000 | 0x1bb0 | 0x1c00 | a03f45e58970486e54683a13b899e422 | False | 0.8683035714285714 | data | 7.378374621657166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc | 0xce000 | 0xc | 0x200 | 14e9a6ba866ed5b392b5fef1fda9e0be | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  RT_ICON | 0xcc0e8 | 0x174e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9639624539054643
                  RT_GROUP_ICON | 0xcd838 | 0x14 | data | | | 1.05
                  RT_VERSION | 0xcd84c | 0x360 | data | | | 0.4236111111111111
                  DLL | Import
                  mscoree.dll | _CorExeMain
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Jan 11, 2025 02:44:16.246334076 CET | 1.1.1.1 | 192.168.2.10 | 0x6e0a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Jan 11, 2025 02:44:16.246334076 CET | 1.1.1.1 | 192.168.2.10 | 0x6e0a | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false


                  Target ID:0
                  Start time:20:44:17
                  Start date:10/01/2025
                  Path:C:\Users\user\Desktop\wOBmA8bj8d.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\wOBmA8bj8d.exe"
                  Imagebase:0x990000
                  File size:832'000 bytes
                  MD5 hash:A81C16543D1F97C790541810704C3E15
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:3
                  Start time:20:44:20
                  Start date:10/01/2025
                  Path:C:\Users\user\Desktop\wOBmA8bj8d.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\wOBmA8bj8d.exe"
                  Imagebase:0x640000
                  File size:832'000 bytes
                  MD5 hash:A81C16543D1F97C790541810704C3E15
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1912714690.0000000001430000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true


                    Execution Graph

                    Execution Coverage:11.4%
                    Dynamic/Decrypted Code Coverage:100%
                    Signature Coverage:8.1%
                    Total number of Nodes:161
                    Total number of Limit Nodes:7

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 290 998c72c-998c7cd 293 998c7cf-998c7d9 290->293 294 998c806-998c826 290->294 293->294 295 998c7db-998c7dd 293->295 299 998c828-998c832 294->299 300 998c85f-998c88e 294->300 297 998c7df-998c7e9 295->297 298 998c800-998c803 295->298 301 998c7eb 297->301 302 998c7ed-998c7fc 297->302 298->294 299->300 304 998c834-998c836 299->304 308 998c890-998c89a 300->308 309 998c8c7-998c981 CreateProcessA 300->309 301->302 302->302 303 998c7fe 302->303 303->298 305 998c838-998c842 304->305 306 998c859-998c85c 304->306 310 998c844 305->310 311 998c846-998c855 305->311 306->300 308->309 312 998c89c-998c89e 308->312 322 998c98a-998ca10 309->322 323 998c983-998c989 309->323 310->311 311->311 313 998c857 311->313 314 998c8a0-998c8aa 312->314 315 998c8c1-998c8c4 312->315 313->306 317 998c8ac 314->317 318 998c8ae-998c8bd 314->318 315->309 317->318 318->318 319 998c8bf 318->319 319->315 333 998ca20-998ca24 322->333 334 998ca12-998ca16 322->334 323->322 335 998ca34-998ca38 333->335 336 998ca26-998ca2a 333->336 334->333 337 998ca18 334->337 339 998ca48-998ca4c 335->339 340 998ca3a-998ca3e 335->340 336->335 338 998ca2c 336->338 337->333 338->335 342 998ca5e-998ca65 339->342 343 998ca4e-998ca54 339->343 340->339 341 998ca40 340->341 341->339 344 998ca7c 342->344 345 998ca67-998ca76 342->345 343->342 346 998ca7d 344->346 345->344 346->346
                    APIs
                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0998C96E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: CreateProcess
                    • String ID:
                    • API String ID: 963392458-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 348 998c738-998c7cd 350 998c7cf-998c7d9 348->350 351 998c806-998c826 348->351 350->351 352 998c7db-998c7dd 350->352 356 998c828-998c832 351->356 357 998c85f-998c88e 351->357 354 998c7df-998c7e9 352->354 355 998c800-998c803 352->355 358 998c7eb 354->358 359 998c7ed-998c7fc 354->359 355->351 356->357 361 998c834-998c836 356->361 365 998c890-998c89a 357->365 366 998c8c7-998c981 CreateProcessA 357->366 358->359 359->359 360 998c7fe 359->360 360->355 362 998c838-998c842 361->362 363 998c859-998c85c 361->363 367 998c844 362->367 368 998c846-998c855 362->368 363->357 365->366 369 998c89c-998c89e 365->369 379 998c98a-998ca10 366->379 380 998c983-998c989 366->380 367->368 368->368 370 998c857 368->370 371 998c8a0-998c8aa 369->371 372 998c8c1-998c8c4 369->372 370->363 374 998c8ac 371->374 375 998c8ae-998c8bd 371->375 372->366 374->375 375->375 376 998c8bf 375->376 376->372 390 998ca20-998ca24 379->390 391 998ca12-998ca16 379->391 380->379 392 998ca34-998ca38 390->392 393 998ca26-998ca2a 390->393 391->390 394 998ca18 391->394 396 998ca48-998ca4c 392->396 397 998ca3a-998ca3e 392->397 393->392 395 998ca2c 393->395 394->390 395->392 399 998ca5e-998ca65 396->399 400 998ca4e-998ca54 396->400 397->396 398 998ca40 397->398 398->396 401 998ca7c 399->401 402 998ca67-998ca76 399->402 400->399 403 998ca7d 401->403 402->401 403->403
                    APIs
                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0998C96E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: CreateProcess
                    • String ID:
                    • API String ID: 963392458-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 405 998c4ae-998c4fe 408 998c50e-998c54d WriteProcessMemory 405->408 409 998c500-998c50c 405->409 411 998c54f-998c555 408->411 412 998c556-998c586 408->412 409->408 411->412
                    APIs
                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0998C540
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: MemoryProcessWrite
                    • String ID:
                    • API String ID: 3559483778-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 416 998c4b0-998c4fe 418 998c50e-998c54d WriteProcessMemory 416->418 419 998c500-998c50c 416->419 421 998c54f-998c555 418->421 422 998c556-998c586 418->422 419->418 421->422
                    APIs
                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0998C540
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: MemoryProcessWrite
                    • String ID:
                    • API String ID: 3559483778-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 426 998c598-998c62d ReadProcessMemory 430 998c62f-998c635 426->430 431 998c636-998c666 426->431 430->431
                    APIs
                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0998C620
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: MemoryProcessRead
                    • String ID:
                    • API String ID: 1726664587-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 445 998c318-998c363 447 998c373-998c3a3 Wow64SetThreadContext 445->447 448 998c365-998c371 445->448 450 998c3ac-998c3dc 447->450 451 998c3a5-998c3ab 447->451 448->447 451->450
                    APIs
                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0998C396
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ContextThreadWow64
                    • String ID:
                    • API String ID: 983334009-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 435 998c313-998c363 437 998c373-998c3a3 Wow64SetThreadContext 435->437 438 998c365-998c371 435->438 440 998c3ac-998c3dc 437->440 441 998c3a5-998c3ab 437->441 438->437 441->440
                    APIs
                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0998C396
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ContextThreadWow64
                    • String ID:
                    • API String ID: 983334009-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 455 998c5a0-998c62d ReadProcessMemory 458 998c62f-998c635 455->458 459 998c636-998c666 455->459 458->459
                    APIs
                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0998C620
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: MemoryProcessRead
                    • String ID:
                    • API String ID: 1726664587-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 463 998c3ec-998c46b VirtualAllocEx 467 998c46d-998c473 463->467 468 998c474-998c499 463->468 467->468
                    APIs
                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0998C45E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 472 998c3f0-998c46b VirtualAllocEx 475 998c46d-998c473 472->475 476 998c474-998c499 472->476 475->476
                    APIs
                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0998C45E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 480 998c264-998c2d7 ResumeThread 484 998c2d9-998c2df 480->484 485 998c2e0-998c305 480->485 484->485
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ResumeThread
                    • String ID:
                    • API String ID: 947044025-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 489 2b2f218-2b2f264 491 2b2f2b2-2b2f2cb 489->491 492 2b2f266-2b2f28e KiUserCallbackDispatcher 489->492 493 2b2f290-2b2f296 492->493 494 2b2f297-2b2f2ab 492->494 493->494 494->491
                    APIs
                    • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02B2F27D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1347015936.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2b20000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 496 998c268-998c2d7 ResumeThread 499 998c2d9-998c2df 496->499 500 998c2e0-998c305 496->500 499->500
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ResumeThread
                    • String ID:
                    • API String ID: 947044025-0
                    • Opcode ID: 0187917ed5c8b5d49199f0d62d281efa056d533188603a3c47039f6afee68e6d
                    • Instruction ID: dc75ccd76e79ffa0d09fdfb5f9069d8554cb2cbc06da71736ca05d4e5c9cbab9
                    • Opcode Fuzzy Hash: 0187917ed5c8b5d49199f0d62d281efa056d533188603a3c47039f6afee68e6d
                    • Instruction Fuzzy Hash: D51128B1D003498FDB20DFAAC44579EFBF5EB48320F148819D559A7240D679A945CBA4
                    APIs
                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 0998EAC5
                    Memory Dump Source
                    • Source File: 00000000.00000002.1368319803.0000000009980000.00000040.00000800.00020000.00000000.sdmp, Offset: 09980000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_9980000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: MessagePost
                    • String ID:
                    • API String ID: 410705778-0
                    • Opcode ID: 5ff61d0a8d5e1a35f2d2abede6af558cfb9c74213f34282eeed4fa0a14aec966
                    • Instruction ID: a9ed23462fb0a61a9ef70df44f18f1183bc9e7bc1d28746c8f74684fbb953181
                    • Opcode Fuzzy Hash: 5ff61d0a8d5e1a35f2d2abede6af558cfb9c74213f34282eeed4fa0a14aec966
                    • Instruction Fuzzy Hash: 341106B5800349DFDB10DF9AD445BDEBBF8FB48310F108819E925A7600D375A944CFA5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1347015936.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2b20000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: 4;f4$ ;$ ;
                    • API String ID: 0-3816757831
                    • Opcode ID: f2af36eb3007e1959305ab32e35c0cefe431c796cfa15baf6fb67138b0802e4c
                    • Instruction ID: 1795af723eac4f2b156859187ee6f1bc24082543c754d56711ae9fe9ed08a7e1
                    • Opcode Fuzzy Hash: f2af36eb3007e1959305ab32e35c0cefe431c796cfa15baf6fb67138b0802e4c
                    • Instruction Fuzzy Hash: 95712674E1022A9FDB04CF95D580AEEFBB2FF89311F109569D915EB214C3349A85CF91
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1347015936.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2b20000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: _8s$_8s
                    • API String ID: 0-309263179
                    • Opcode ID: 06ce2f648b14847ef70941ffb545f82e205e86b227f8bb59bab2fc6ee6aa5829
                    • Instruction ID: c44e439fc0a3e2556052e0d6c1f86338662cb3a8bf250640166ebb62ff596106
                    • Opcode Fuzzy Hash: 06ce2f648b14847ef70941ffb545f82e205e86b227f8bb59bab2fc6ee6aa5829
                    • Instruction Fuzzy Hash: 6951F474E04219CFCB18CFAAC9809EEFBF2FF89210F54946AD519BB214D3349A45CB64
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1347015936.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2b20000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: _8s
                    • API String ID: 0-3505524079
                    • Opcode ID: 282a553d17eca6bc87dfc6be307895e5d6b6eef3d62b1c29faa4b3d02cbfd4eb
                    • Instruction ID: 04dff7835a6f2eb0f4912e01d6d999718f4267ae305e05aa4006902e336e2672
                    • Opcode Fuzzy Hash: 282a553d17eca6bc87dfc6be307895e5d6b6eef3d62b1c29faa4b3d02cbfd4eb
                    • Instruction Fuzzy Hash: A451D474E05219CFCB18CFAAC9819EEFBF2BF89210F64946AD519B7214D3309A45CB64

                    Execution Graph

                    Execution Coverage:0.8%
                    Dynamic/Decrypted Code Coverage:5.1%
                    Signature Coverage:9.3%
                    Total number of Nodes:118
                    Total number of Limit Nodes:15

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 18 417b63-417b7f 19 417b87-417b8c 18->19 20 417b82 call 42f5a3 18->20 21 417b92-417ba0 call 42fba3 19->21 22 417b8e-417b91 19->22 20->19 25 417bb0-417bc1 call 42e043 21->25 26 417ba2-417bad call 42fe43 21->26 31 417bc3-417bd7 LdrLoadDll 25->31 32 417bda-417bdd 25->32 26->25 31->32
                    APIs
                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BD5
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_400000_wOBmA8bj8d.jbxd
                    Yara matches
                    Similarity
                    • API ID: Load
                    • String ID:
                    • API String ID: 2234796835-0
                    • Opcode ID: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                    • Instruction ID: 122384901a9c5e31b0cbf47cd83ed5cb9323d92cb62f98cf8b450b2778bc3db3
                    • Opcode Fuzzy Hash: b799f33cdfcceec68cf2461573a55d2e37cccfb65537d172954ac166eadf2d1b
                    • Instruction Fuzzy Hash: D60171B1E0420DBBDF10DBE1DC42FDEB3789B14308F4081AAE90897241F639EB588B95

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 43 42c953-42c989 call 404643 call 42db53 NtClose
                    APIs
                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C984
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_400000_wOBmA8bj8d.jbxd
                    Yara matches
                    Similarity
                    • API ID: Close
                    • String ID:
                    • API String ID: 3535843008-0
                    • Opcode ID: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                    • Instruction ID: a1a1041c0e6c1b94269db6ff4cf73d3451205fe7691f058a31b8fa4964ffe1e3
                    • Opcode Fuzzy Hash: 2f59229fe5a35477addfa38c4a351323b046b53500d51ab444dffaebc889c80f
                    • Instruction Fuzzy Hash: 2EE08676300614BBD510FA5ADC01F97775CEFC6714F404419FA4867341D675B91487F4

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 57 1152b60-1152b6c LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: bc70912eddb58c8ec84e8832b1057632a99781501895dcd1638683b48423bff5
                    • Instruction ID: 5b6eaa4235d127a0a004f47779db97b8bc6393253d11205d267b302e4d095d97
                    • Opcode Fuzzy Hash: bc70912eddb58c8ec84e8832b1057632a99781501895dcd1638683b48423bff5
                    • Instruction Fuzzy Hash: 179002A12025000341097158451461A400E97E0201B55C021E5015590DC62689A16225

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 59 1152df0-1152dfc LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: fcf7fdaa2ef7cd45eb9f741595c69ce5b49850ff75971f28490d6d02361d887f
                    • Instruction ID: 945bb15a9e74c9176f322739e3747e474a684fee1a2fe0f937942d665f812b3b
                    • Opcode Fuzzy Hash: fcf7fdaa2ef7cd45eb9f741595c69ce5b49850ff75971f28490d6d02361d887f
                    • Instruction Fuzzy Hash: 2D90027120150413D1157158460470B000D97D0241F95C412A4425558DD7578A62A221

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 58 1152c70-1152c7c LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: ac120ae0c5d8c836ca76579bdafcad31fb2f74cc5a9eca7aab3815da021f9923
                    • Instruction ID: f3bcd175eb350b559f734e37e3c7565396fb1128024c07278c9b7f29d6374982
                    • Opcode Fuzzy Hash: ac120ae0c5d8c836ca76579bdafcad31fb2f74cc5a9eca7aab3815da021f9923
                    • Instruction Fuzzy Hash: 5990027120158802D1147158850474E000997D0301F59C411A8425658DC79689A17221

                    Control-flow Graph

                    control_flow_graph 60 11535c0-11535cc LdrInitializeThunk
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 28d3ee007b3dc78f8da78f8421c904dbc3b9e89cdaac4ae98e2d6c8542492bdb
                    • Instruction ID: 0ea91a6d57d86fa95667d3bf1f04059187b436ef6871522357c81edc32e0da84
                    • Opcode Fuzzy Hash: 28d3ee007b3dc78f8da78f8421c904dbc3b9e89cdaac4ae98e2d6c8542492bdb
                    • Instruction Fuzzy Hash: 3D90027160560402D1047158461470A100997D0201F65C411A4425568DC7968A6166A2

                    Control-flow Graph

                    control_flow_graph 33 42cc63-42cca1 call 404643 call 42db53 RtlAllocateHeap
                    APIs
                    • RtlAllocateHeap.NTDLL(?,0041E8EB,?,?,00000000,?,0041E8EB,?,?,?), ref: 0042CC9C
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_400000_wOBmA8bj8d.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                    • Instruction ID: 7c74d4e41703ecf2ac74f9d9b4895f51b419b40aa0f09aed774a1cc672b14946
                    • Opcode Fuzzy Hash: ac00b1638777126d2cea74cea7df9c0d5320b23dccd002bc6f264aef07eeb62c
                    • Instruction Fuzzy Hash: 3DE09AB22042187BCA14EF5AEC41F9B37ACEFC9710F004419FA08A7341D675BA108BB8

                    Control-flow Graph

                    control_flow_graph 38 42cca3-42cce1 call 404643 call 42db53 RtlFreeHeap
                    APIs
                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,3777EA40,00000007,00000000,00000004,00000000,004173E4,000000F4), ref: 0042CCDC
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_400000_wOBmA8bj8d.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                    • Instruction ID: 17ffdd14cf893de34d185b730fd02e884b2db9c7d9af60b921a6e04f82d44752
                    • Opcode Fuzzy Hash: b80920223b0d3d6ec0276f1483e88535983c36a14dc249cb946427c0f6602cca
                    • Instruction Fuzzy Hash: C8E06D712002047BC610EE49DC42F9B37ACEFC5714F004419F908A7341D674B9108AB8

                    Control-flow Graph

                    control_flow_graph 48 42cce3-42cd1f call 404643 call 42db53 ExitProcess
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911238603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_400000_wOBmA8bj8d.jbxd
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: e5ead24424c220527bba2a4c9ff2b6f981b37aac09ced8e85fba16840dc346b3
                    • Instruction ID: db584931667c167d052b57122e12c945e868705e8a3680be29b3f7ccc7343bef
                    • Opcode Fuzzy Hash: e5ead24424c220527bba2a4c9ff2b6f981b37aac09ced8e85fba16840dc346b3
                    • Instruction Fuzzy Hash: 49E04F356442147BC610AA5ADC01F9B775CEBC5754F414419FA0CA7241D675791187E4

                    Control-flow Graph

                    control_flow_graph 53 1152c0a-1152c0f 54 1152c11-1152c18 53->54 55 1152c1f-1152c26 LdrInitializeThunk 53->55
                    APIs
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 862d2e00b54952e649897569a7ab2fad74c36f8df576f96cc91bc6f63b0648b9
                    • Instruction ID: 775a4f7fb2e93a96f8d9df3b689a9b457a25d286df91556b084168dbfbe86990
                    • Opcode Fuzzy Hash: 862d2e00b54952e649897569a7ab2fad74c36f8df576f96cc91bc6f63b0648b9
                    • Instruction Fuzzy Hash: 67B09B729015C5C5DB55E764470871B790477D0701F25C061D6130641F4739C1D1E275
                    Strings
                    • *** An Access Violation occurred in %ws:%s, xrefs: 011C8F3F
                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 011C8FEF
                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 011C8DA3
                    • The instruction at %p referenced memory at %p., xrefs: 011C8EE2
                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 011C8F2D
                    • *** enter .cxr %p for the context, xrefs: 011C8FBD
                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 011C8DC4
                    • *** Inpage error in %ws:%s, xrefs: 011C8EC8
                    • *** then kb to get the faulting stack, xrefs: 011C8FCC
                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011C8E86
                    • *** enter .exr %p for the exception record, xrefs: 011C8FA1
                    • The instruction at %p tried to %s , xrefs: 011C8F66
                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 011C8D8C
                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 011C8DB5
                    • Go determine why that thread has not released the critical section., xrefs: 011C8E75
                    • This failed because of error %Ix., xrefs: 011C8EF6
                    • write to, xrefs: 011C8F56
                    • The resource is owned exclusively by thread %p, xrefs: 011C8E24
                    • an invalid address, %p, xrefs: 011C8F7F
                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 011C8F34
                    • read from, xrefs: 011C8F5D, 011C8F62
                    • a NULL pointer, xrefs: 011C8F90
                    • *** Resource timeout (%p) in %ws:%s, xrefs: 011C8E02
                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 011C8F26
                    • The critical section is owned by thread %p., xrefs: 011C8E69
                    • The resource is owned shared by %d threads, xrefs: 011C8E2E
                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011C8E3F
                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 011C8DD3
                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 011C8E4B
                    • <unknown>, xrefs: 011C8D2E, 011C8D81, 011C8E00, 011C8E49, 011C8EC7, 011C8F3E
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-108210295
                    • Opcode ID: 1a3309aa46388133365335ada0e5a3ef935d2cf4d50ef18882b4e6e450935d99
                    • Instruction ID: 4b8daf8154181c3091fe1c8bcfc49746e3622c570a680ba1652030b3999409bb
                    • Opcode Fuzzy Hash: 1a3309aa46388133365335ada0e5a3ef935d2cf4d50ef18882b4e6e450935d99
                    • Instruction Fuzzy Hash: 7181D475A40216BFDB1E9A198C85F6B3F35EB66F54F05008CF214AF192E3B18852CA63
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-2160512332
                    • Opcode ID: 72b268f614786a935b6d002a25b42da61fe7000b300d23817009e10c82f272e6
                    • Instruction ID: 4409f6d4ce749cc8de424cd17c4a0156074efd1098514c073c115887008f6ac5
                    • Opcode Fuzzy Hash: 72b268f614786a935b6d002a25b42da61fe7000b300d23817009e10c82f272e6
                    • Instruction Fuzzy Hash: C4929E71604342AFEB29CF29C880F6BB7E8BB84754F04492DFAA5D7251D774E844CB92
                    Strings
                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0118540A, 01185496, 01185519
                    • Invalid debug info address of this critical section, xrefs: 011854B6
                    • Address of the debug info found in the active list., xrefs: 011854AE, 011854FA
                    • corrupted critical section, xrefs: 011854C2
                    • Critical section address., xrefs: 01185502
                    • Thread is in a state in which it cannot own a critical section, xrefs: 01185543
                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011854CE
                    • double initialized or corrupted critical section, xrefs: 01185508
                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011854E2
                    • Critical section address, xrefs: 01185425, 011854BC, 01185534
                    • 8, xrefs: 011852E3
                    • Thread identifier, xrefs: 0118553A
                    • undeleted critical section in freed memory, xrefs: 0118542B
                    • Critical section debug info address, xrefs: 0118541F, 0118552E
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-2368682639
                    • Opcode ID: 49e910a31329e91d038022643859fe49ff592c36e1f8d251279c30722468bb9a
                    • Instruction ID: d1f6b90d3c12e204f70f61ac4ccc46c74fe5bb3ca2152cfd5184e4914c33adea
                    • Opcode Fuzzy Hash: 49e910a31329e91d038022643859fe49ff592c36e1f8d251279c30722468bb9a
                    • Instruction Fuzzy Hash: 0981A2B1A40348EFDB69CF99C845BAEBBB5FB04B04F10811EF644BB650D371A941CB50
                    Strings
                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011822E4
                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01182412
                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01182624
                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011824C0
                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0118261F
                    • @, xrefs: 0118259B
                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011825EB
                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01182602
                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01182506
                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01182498
                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01182409
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-4009184096
                    • Opcode ID: 4f2b29edd37816ef34a62add80ed52446b587b7b1e100ce11f3081beac5e6b97
                    • Instruction ID: 1fb3172bc13a4ed3f67f2d2d9c01227b32c33a747eb1e604df8229f14a96950a
                    • Opcode Fuzzy Hash: 4f2b29edd37816ef34a62add80ed52446b587b7b1e100ce11f3081beac5e6b97
                    • Instruction Fuzzy Hash: E80280B1D002299BDB39DB54CC80BD9B7B8AF54704F4141DAEA09A7241DB709FC4CF69
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                    • API String ID: 0-2515994595
                    • Opcode ID: dab58d47a2ef8fab73fbec4375f4f06188a7e6bf7b2370e665db6e26fa6fe36e
                    • Instruction ID: edfa8b24a236b49b5b1009cdd321f7a220716e1a24ff82de6debdfe8518712c2
                    • Opcode Fuzzy Hash: dab58d47a2ef8fab73fbec4375f4f06188a7e6bf7b2370e665db6e26fa6fe36e
                    • Instruction Fuzzy Hash: 6851A0B15043069BD32DDF19C988BEBBBECAF94A54F144A1EE999C3241E770D604CBD2
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                    • API String ID: 0-3197712848
                    • Opcode ID: 6659d35dcf915a157abd6854820c67ea14404a918c750f9924c142fdec202507
                    • Instruction ID: 0bf499adacbb9af9d3d496b48eea309644ad3a08042c2eed88c71d4aac3353e6
                    • Opcode Fuzzy Hash: 6659d35dcf915a157abd6854820c67ea14404a918c750f9924c142fdec202507
                    • Instruction Fuzzy Hash: 4F12E0716083628FD32DDF28D444BAAB7E4BF84708F050A1DF9858B691E738D954CB92
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                    • API String ID: 0-1700792311
                    • Opcode ID: 796a668570e38f62653964e16299a2e527045c1ac40c04d3581a58778aa09739
                    • Instruction ID: cf62e1b778cddff9748c2c0927e7f16a5faf5ba0bf7da80ed9a18751cc923ab5
                    • Opcode Fuzzy Hash: 796a668570e38f62653964e16299a2e527045c1ac40c04d3581a58778aa09739
                    • Instruction Fuzzy Hash: 65D1ED39904682DFDB2ADF68C444AAEFBF1FF6AB04F08805DF5859B252C7749981CB14
                    Strings
                    • VerifierFlags, xrefs: 01198C50
                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01198A67
                    • VerifierDebug, xrefs: 01198CA5
                    • AVRF: -*- final list of providers -*- , xrefs: 01198B8F
                    • HandleTraces, xrefs: 01198C8F
                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01198A3D
                    • VerifierDlls, xrefs: 01198CBD
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-3223716464
                    • Opcode ID: 7d90638ea81bb874e7f38185035958a4996e61f98588b7129fb761ec4735a697
                    • Instruction ID: 6a80a2507c0040f08d12d4d848991e03507951a812795b17f3aeebbf2628a563
                    • Opcode Fuzzy Hash: 7d90638ea81bb874e7f38185035958a4996e61f98588b7129fb761ec4735a697
                    • Instruction Fuzzy Hash: 4291467164135AAFDF2AEF289884F5A77E4AF55B18F05051CFA51AF282C730EC41CB91
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                    • API String ID: 0-1109411897
                    • Opcode ID: f8890b4d2183348e5826ff39f1d3cc9988c4f33432d14e5df43b2c988c547828
                    • Instruction ID: 7b7d525d5046cff27fd936ce948564081f103c6251602d305ee22f24ee980c41
                    • Opcode Fuzzy Hash: f8890b4d2183348e5826ff39f1d3cc9988c4f33432d14e5df43b2c988c547828
                    • Instruction Fuzzy Hash: 58A25874A0562A8FDB69CF18CC987A9FBB1AF45304F1442E9D90DA7394DB309E85CF01
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                    • API String ID: 0-792281065
                    • Opcode ID: b93df9ba80f56e787e61b22e5f0ceed70c91f3edf4c339c19c365edfe7a7fb02
                    • Instruction ID: 5736c612b12f6784a95e1f1b169dd99c94f9173704258c238a15a7b3d9634c03
                    • Opcode Fuzzy Hash: b93df9ba80f56e787e61b22e5f0ceed70c91f3edf4c339c19c365edfe7a7fb02
                    • Instruction Fuzzy Hash: F0912C30B00316DBEB2EEF58E849BAA7BA1BF51F1CF04411DD5106BA82DB749841CB91
                    Strings
                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01169A01
                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01169A2A
                    • minkernel\ntdll\ldrinit.c, xrefs: 01169A11, 01169A3A
                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011699ED
                    • LdrpInitShimEngine, xrefs: 011699F4, 01169A07, 01169A30
                    • apphelp.dll, xrefs: 01106496
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-204845295
                    • Opcode ID: 159c9aeeb034274b5246c7db10aced546df915947e8b4d4714e9c4deb8b9379c
                    • Instruction ID: 9a03d47a78dcb0439fdb42254ccd00f47f450a934b7214ba92c4ccbadcf9778e
                    • Opcode Fuzzy Hash: 159c9aeeb034274b5246c7db10aced546df915947e8b4d4714e9c4deb8b9379c
                    • Instruction Fuzzy Hash: F15100716083049FE72EDF24D845BAB77E8FB84648F00091EF5859B1A1E771E914CB92
                    Strings
                    • SXS: %s() passed the empty activation context, xrefs: 01182165
                    • RtlGetAssemblyStorageRoot, xrefs: 01182160, 0118219A, 011821BA
                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011821BF
                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01182178
                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0118219F
                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01182180
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-861424205
                    • Opcode ID: 0d268405bbf4fed0b80cee0ea7ea17c31e7d6f035c846cb6a2f06b855b3ffb88
                    • Instruction ID: 592c0c68dc34388186aeb7001e2f619ad4b91e23b1c1e169fad27c075089e0cc
                    • Opcode Fuzzy Hash: 0d268405bbf4fed0b80cee0ea7ea17c31e7d6f035c846cb6a2f06b855b3ffb88
                    • Instruction Fuzzy Hash: 6A314B3AF402157BEB2ADA999C42F5B7F78DF65E80F05405DFB04AB140D3709A41C7A2
                    Strings
                    • Loading import redirection DLL: '%wZ', xrefs: 01188170
                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 011881E5
                    • LdrpInitializeProcess, xrefs: 0114C6C4
                    • minkernel\ntdll\ldrinit.c, xrefs: 0114C6C3
                    • LdrpInitializeImportRedirection, xrefs: 01188177, 011881EB
                    • minkernel\ntdll\ldrredirect.c, xrefs: 01188181, 011881F5
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • API String ID: 0-475462383
                    • Opcode ID: 4dee4001ced9bd979af1610e6258fe1bbea851bba743e46273535ecd3a110217
                    • Instruction ID: e74547d38e8bcc41617a16e49ecfeeac62cec1e34aac92bcc4d34ee9e9a1fc7d
                    • Opcode Fuzzy Hash: 4dee4001ced9bd979af1610e6258fe1bbea851bba743e46273535ecd3a110217
                    • Instruction Fuzzy Hash: C03102716457429FD328EB28D84AE1AB7D5AFD4B14F00455CF9856B291E720EC05CBA2
                    APIs
                      • Part of subcall function 01152DF0: LdrInitializeThunk.NTDLL ref: 01152DFA
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01150BA3
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01150BB6
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01150D60
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01150D74
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                    • String ID:
                    Strings
                    Similarity
                    • API ID:
                    • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                    Strings
                    Similarity
                    • API ID:
                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                    Strings
                    • @, xrefs: 01148591
                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0114855E
                    • LdrpInitializeProcess, xrefs: 01148422
                    • minkernel\ntdll\ldrinit.c, xrefs: 01148421
                    Similarity
                    • API ID:
                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                    Strings
                    • .Local, xrefs: 011428D8
                    • SXS: %s() passed the empty activation context, xrefs: 011821DE
                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011822B6
                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011821D9, 011822B1
                    Similarity
                    • API ID:
                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                    Strings
                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01183456
                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0118342A
                    • RtlDeactivateActivationContext, xrefs: 01183425, 01183432, 01183451
                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01183437
                    Similarity
                    • API ID:
                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                    Strings
                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0117106B
                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01170FE5
                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01171028
                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011710AE
                    Similarity
                    • API ID:
                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                    Strings
                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0118362F
                    • LdrpFindDllActivationContext, xrefs: 01183636, 01183662
                    • Querying the active activation context failed with status 0x%08lx, xrefs: 0118365C
                    • minkernel\ntdll\ldrsnap.c, xrefs: 01183640, 0118366C
                    Similarity
                    • API ID:
                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                    Strings
                    • LdrpDynamicShimModule, xrefs: 0117A998
                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0117A992
                    • minkernel\ntdll\ldrinit.c, xrefs: 0117A9A2
                    • apphelp.dll, xrefs: 01132462
                    Similarity
                    • API ID:
                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                    Strings
                    Similarity
                    • API ID:
                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                    Strings
                    Similarity
                    • API ID:
                    • String ID: $@
                    Strings
                    Similarity
                    • API ID:
                    • String ID: FilterFullPath$UseFilter$\??\
                    Strings
                    • Failed to allocated memory for shimmed module list, xrefs: 0117A10F
                    • minkernel\ntdll\ldrinit.c, xrefs: 0117A121
                    • LdrpCheckModule, xrefs: 0117A117
                    Similarity
                    • API ID:
                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                    Strings
                    Similarity
                    • API ID:
                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                    Strings
                    • Failed to reallocate the system dirs string !, xrefs: 011882D7
                    • LdrpInitializePerUserWindowsDirectory, xrefs: 011882DE
                    • minkernel\ntdll\ldrinit.c, xrefs: 011882E8
                    Similarity
                    • API ID:
                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                    Strings
                    • @, xrefs: 011CC1F1
                    • PreferredUILanguages, xrefs: 011CC212
                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011CC1C5
                    Similarity
                    • API ID:
                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                    Strings
                    Similarity
                    • API ID:
                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                    Strings
                    • LdrpCheckRedirection, xrefs: 0119488F
                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01194888
                    • minkernel\ntdll\ldrredirect.c, xrefs: 01194899
                    Similarity
                    • API ID:
                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                    Strings
                    Similarity
                    • API ID:
                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                    Strings
                    • Process initialization failed with status 0x%08lx, xrefs: 011920F3
                    • minkernel\ntdll\ldrinit.c, xrefs: 01192104
                    • LdrpInitializationFailure, xrefs: 011920FA
                    Similarity
                    • API ID:
                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                    APIs
                    Strings
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: #%u
                    Strings
                    • LdrResSearchResource Enter, xrefs: 0111AA13
                    • LdrResSearchResource Exit, xrefs: 0111AA25
                    Similarity
                    • API ID:
                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                    Strings
                    Similarity
                    • API ID:
                    • String ID: `$`
                    Strings
                    Similarity
                    • API ID: InitializeThunk
                    • String ID: Legacy$UEFI
                    Strings
                    Similarity
                    • API ID:
                    • String ID: @$MUI
                    Strings
                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0111063D
                    • kLsE, xrefs: 01110540
                    Similarity
                    • API ID:
                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                    Strings
                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0111A309
                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0111A2FB
                    Similarity
                    • API ID:
                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                    Strings
                    Similarity
                    • API ID: InitializeThunk
                    • String ID: Cleanup Group$Threadpool!
                    Strings
                    Similarity
                    • API ID:
                    • String ID: MUI
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: @
                    Similarity
                    • API ID:
                    • String ID: GlobalTags
                    Similarity
                    • API ID:
                    • String ID: .mui
                    Similarity
                    • API ID:
                    • String ID: EXT-
                    Similarity
                    • API ID:
                    • String ID: BinaryHash
                    Similarity
                    • API ID:
                    • String ID: #
                    Similarity
                    • API ID:
                    • String ID: BinaryName
                    Strings
                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0119895E
                    Similarity
                    • API ID:
                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 34063682c37b80b24d377f412cc45c7e501fddfe77f91873770b8fba0ef395a1
                    • Instruction ID: 3bfe94801b049fe2bc575b01e4afd39b693dafdf920ad37e0f6a379fbaee632e
                    • Opcode Fuzzy Hash: 34063682c37b80b24d377f412cc45c7e501fddfe77f91873770b8fba0ef395a1
                    • Instruction Fuzzy Hash: 2951AD70900705DBD729DF6AC8C0BABFBF8BF94B14F10461EE296576A0C7B0A945CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b8e86f863971c9ff237a529cc189c52642352d3fc8c0754aee226a857bcf4768
                    • Instruction ID: d75d714aafdb50551b750df17582c28baa1efc3aab189c3e446ddfd378f32905
                    • Opcode Fuzzy Hash: b8e86f863971c9ff237a529cc189c52642352d3fc8c0754aee226a857bcf4768
                    • Instruction Fuzzy Hash: 7651BE71201A15DFCB2AEF69C980E6AB3F9FF58B58F41042AE612C7260D738ED11CB50
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2d15659f6ad3155babcd77296e486e8dbd8330b724fd8f8d785d8fae9baeb4b5
                    • Instruction ID: 873a5327cb90ce28f956878ac8595cf5f4e0bf7f8c49f34ad06aabfbed28e317
                    • Opcode Fuzzy Hash: 2d15659f6ad3155babcd77296e486e8dbd8330b724fd8f8d785d8fae9baeb4b5
                    • Instruction Fuzzy Hash: 16517C716083129FD758DF29D880AABBBE5FFC8208F48892DF596C7661E730D905CB52
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                    • Instruction ID: 45a975604bfc414bd5c7f3bc125039b8fc5f77520441efe32d36cf18966970e2
                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                    • Instruction Fuzzy Hash: E651B171E0461AABDF1ADF98C440BFEBBB5AF85754F044069EA01AB344D734DD84CBA4
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                    • Instruction ID: dedcadb76da948bc72cc3c4f68edd1eed5c0bc4a8601da80fc9aef028a3fc624
                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                    • Instruction Fuzzy Hash: C051B771D0221AEFEF29DF94C894BAEBB75AF00328F154665D93367290D7349E40CBA1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b7e8ee31b15f0e44e79d2d962dbfeef00446b3c093b396259584312b51558cb6
                    • Instruction ID: 0b20422eae489c2b261bbe5cc663ad8bcce3f8a75f06edf6563c47f696e060f2
                    • Opcode Fuzzy Hash: b7e8ee31b15f0e44e79d2d962dbfeef00446b3c093b396259584312b51558cb6
                    • Instruction Fuzzy Hash: FC41D371701611DBEB2DDB2DC894FBFBBAAEF90620F088219E955872C1DB34E801C791
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c1a2bbc3c57afeb5188fac0edb1c35280fc3665e806b13279cbfbb63957edc4f
                    • Instruction ID: 65e337a0a2e176a9c12eb53b2c7d7c7c1b9cfc611bb2ff9f02b093631c34278b
                    • Opcode Fuzzy Hash: c1a2bbc3c57afeb5188fac0edb1c35280fc3665e806b13279cbfbb63957edc4f
                    • Instruction Fuzzy Hash: 4051BC7190021ADFCF28DFA8D880A9EBBF9FF48358B114619D5A5A3705E734AE01CBD0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 59863b2f82fc035f30cc488674024f192736add57946678cb83aefdd1b22e695
                    • Instruction ID: 11251333844eefae228509b4b4a360bf3a5e2e786e53e699e4a950c7337b34b4
                    • Opcode Fuzzy Hash: 59863b2f82fc035f30cc488674024f192736add57946678cb83aefdd1b22e695
                    • Instruction Fuzzy Hash: EA41F8716802119FDF2EEF69B8C4B6A3765AB55B0CF06412CEE07AB243D7719840CB91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                    • Instruction ID: 7465231bdad5afe420f433d5e1fa2e8c786faac28d133f5ba433f76a4f7f09c8
                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                    • Instruction Fuzzy Hash: 97412B326007169FCB2DCF68D880A6AB7A9FF80314B05472EE95687640EB30FC14C7D2
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 384bbfe47429fc93d931f22398c7a5a106d9d41c16bd3f61e2ed04f5827986f0
                    • Instruction ID: 9ac86778634d41835dd9798afdaabad4b1ce5dbb7620663727c0319b2920e4e2
                    • Opcode Fuzzy Hash: 384bbfe47429fc93d931f22398c7a5a106d9d41c16bd3f61e2ed04f5827986f0
                    • Instruction Fuzzy Hash: E441BD35900219DBDB18DF9AC440AEEBBB4BF4CB14F15812AFA15EB380E7359C41CBA5
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6727d522e93488585218718afc1086705bc4e2ecd13cd4eb4ba18c943ed2cf67
                    • Instruction ID: bc7713059376f1c2592268b203739464d32061fe9174cd3212d1dbdc6358f77c
                    • Opcode Fuzzy Hash: 6727d522e93488585218718afc1086705bc4e2ecd13cd4eb4ba18c943ed2cf67
                    • Instruction Fuzzy Hash: 7541C1712053029FDB29DF28C884A5FB7F9FF88228F014929E566C371AEB35E8558B51
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                    • Instruction ID: 2215b032262f19eeb78765eb44459448d5d956ddc8c50679938e63ca37637b9d
                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                    • Instruction Fuzzy Hash: A5514975A00615CFDB19DF9CC480AAEF7B2FF84710F2881AAD915A7351D774AE42CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d1da851a06e05d43ac24f70cf47c0ca84467c832066706629fec41ed6fdd5056
                    • Instruction ID: ea1affd0df0b6c85a8041b33fa658e712392d91d8764882fadd6c4a5e44db4ec
                    • Opcode Fuzzy Hash: d1da851a06e05d43ac24f70cf47c0ca84467c832066706629fec41ed6fdd5056
                    • Instruction Fuzzy Hash: E651E770900216DBDB2ECB28CC04BE9BBB1FF15318F1482B9E529A72D5E7759991CF41
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a0139a0534e7e0b9fdb8f585fa47cd07ace647727c136e588f4441818b0b1153
                    • Instruction ID: ca9c87786170c9dff0b236218eab497280335e82aed4f626baeed587189f5d4f
                    • Opcode Fuzzy Hash: a0139a0534e7e0b9fdb8f585fa47cd07ace647727c136e588f4441818b0b1153
                    • Instruction Fuzzy Hash: A741AE35E01228DBDB29DF6CC940BEEB7B8AF59750F0101A5E908AB241DB359E81CF91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                    • Instruction ID: 265950bdb6f3b4d9156cc2352433de4976b333e454a0dab2869444f3f5c125b8
                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                    • Instruction Fuzzy Hash: CD41D575B00206ABEB1DDF99CC84ABFBBBAAF88714F154069E904A7341DB70DD01C7A0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2e7a199a2a0a6f11aadc3186ab1c8bcb3cdc54a138a8fbd22b821e21c1f05ae5
                    • Instruction ID: fb847be1bbe6b947f802524224750e0d82ca4a1fa129174bd9c775208802e23b
                    • Opcode Fuzzy Hash: 2e7a199a2a0a6f11aadc3186ab1c8bcb3cdc54a138a8fbd22b821e21c1f05ae5
                    • Instruction Fuzzy Hash: 5E41B270A007069FE72DCF28C490A26F7F9FF49214B108A7DE55A87A59F731E895CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3df456bbab66db6e1b2bb97c2f261a0492021c8a3b260735f408030f2bc756c1
                    • Instruction ID: f0c9663fefea141a6bbe537b7f21d07e5f03dc8756fcfdbd77a532d7ef0382be
                    • Opcode Fuzzy Hash: 3df456bbab66db6e1b2bb97c2f261a0492021c8a3b260735f408030f2bc756c1
                    • Instruction Fuzzy Hash: 3D41DF32A00204CFDB2EEF68E8587AD7BF0BF98314F454299D551A72D9DB359900CBA1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b75b017216bddd8693bd36b3437303492ba6c723608d27c4d3767aa3a6baf306
                    • Instruction ID: 00dd5cbb56d913593c418ca2ef834acfe29a41429fda19ede54ef0dd6496421c
                    • Opcode Fuzzy Hash: b75b017216bddd8693bd36b3437303492ba6c723608d27c4d3767aa3a6baf306
                    • Instruction Fuzzy Hash: B541F631904242CBD72DAF58D888B9EFBB5FB94708F15C12DD6015B25AD775D842CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7364239c0751630a700334f3e0e70ba3c52328ea99a14a58b54ca07061ca50c2
                    • Instruction ID: 3613b1c8e811c59ad85e134633de027abba12af85476f6182fedafa2bd209ab8
                    • Opcode Fuzzy Hash: 7364239c0751630a700334f3e0e70ba3c52328ea99a14a58b54ca07061ca50c2
                    • Instruction Fuzzy Hash: 82417C3190C7069ED316EF68C840A6BF7E9AF88B54F41092AF980D7290E771DE158B93
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                    • Instruction ID: 88be67e33a67d6030dc47b88e62433407a6c6752072afe4758d77230231b7ca9
                    • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                    • Instruction Fuzzy Hash: 7A414931F08319DBEB1EEF1894407BABB65EF50754F1680AAE944CB285D7738D50CB92
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fe7d8cdaaecbb95965b8cf08c40123dfd1ab950b0095b2f9d0b7a88eb33ea4ad
                    • Instruction ID: cfa4ed8f3e197b6cc49470c481f12d8e3d61392fe56e797e1a441cacc675b314
                    • Opcode Fuzzy Hash: fe7d8cdaaecbb95965b8cf08c40123dfd1ab950b0095b2f9d0b7a88eb33ea4ad
                    • Instruction Fuzzy Hash: 4F417D72A00601DFD729CF18D840B26FBF5FF58314F21866AE4498B255E771E981CB91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                    • Instruction ID: 13fe96060488ca749f103dc674e6e6f772304c98a9c71cb6d6efec9cd3e098e8
                    • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                    • Instruction Fuzzy Hash: 96415E71A00705EFDB28CF99C980AAABBF4FF18B00B11496DE696D7651E330EA44CF51
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b964d9c5835254a3188181eb553b644f262bb17b0b26ebc096f51d3d4bbe8416
                    • Instruction ID: 5b2f6b744595779ff11ecb2d330ee9d2a72ed9462eea4d2ce83a2a5f0bc2115f
                    • Opcode Fuzzy Hash: b964d9c5835254a3188181eb553b644f262bb17b0b26ebc096f51d3d4bbe8416
                    • Instruction Fuzzy Hash: E141B071901B05CFCB2EEF28D900B5AF7B5FF58314F2186A9C4169B6A6DB309941CB51
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a13690e77a79ae3b87ecdaa0b2a96da9140bcd2870db49b0be9429f7308fa7d5
                    • Instruction ID: 834502bbc0dd0f7396f6cf963bd28873af835d8de64247b27607c2a16a076e1f
                    • Opcode Fuzzy Hash: a13690e77a79ae3b87ecdaa0b2a96da9140bcd2870db49b0be9429f7308fa7d5
                    • Instruction Fuzzy Hash: DF319EB2A01755DFDB19DF98C440799BBF0FB09B18F2085AED119EB251E7369902CF90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1327390f47f5aae6fabbb29503db14a8e6cb92d0296a32ef709c5e3291a06b8f
                    • Instruction ID: 37a2ec1c17558fffdd7befaf469d6f92927479fe56f562734eadad98b391099a
                    • Opcode Fuzzy Hash: 1327390f47f5aae6fabbb29503db14a8e6cb92d0296a32ef709c5e3291a06b8f
                    • Instruction Fuzzy Hash: 95419071A043059FD764DF29C845B9BBBE8FF88764F004A2EF9A8C7251D7709904CB92
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 252574f9d34a412f7868fd95d92743d79e01959f172e9ec2e875b4896f9b46e4
                    • Instruction ID: 099f66843f8d20988d455c0cae4a49692201689656a7c4d2277dda70d4b28e51
                    • Opcode Fuzzy Hash: 252574f9d34a412f7868fd95d92743d79e01959f172e9ec2e875b4896f9b46e4
                    • Instruction Fuzzy Hash: F141C1726046469FD728DF6CC840A6AB7E9FFC8700F140A2DF9A4D7680E730E914C7A6
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 449c4fda117e2a331029fdab49f5b03c5ae9a16b93ecc8f15375fdb09a1c3a20
                    • Instruction ID: d538ecc58fc4310a5c6cf93ef72df12d61426cabc2c5bfc302c57bd09d299c3c
                    • Opcode Fuzzy Hash: 449c4fda117e2a331029fdab49f5b03c5ae9a16b93ecc8f15375fdb09a1c3a20
                    • Instruction Fuzzy Hash: E741E3302003068BD72DCF18D884B2AFBEAEF89B64F14453DE6458B695EB70D811CB91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                    • Instruction ID: 3acfa3f11010230646204be4ef54cdd30c01735cc3d17bf970be1188ee9cb4d9
                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                    • Instruction Fuzzy Hash: F3312532A08255AFDB1A8B68CC40BABBBF9AF18350F0442A5F815D7352C3749884CBA1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 85e49906683a71007ae8cf3409e2ab4c38a39cf5391314b48b4dfce811399be6
                    • Instruction ID: d60682b41acbd9b7ebf10760ab3de1bf8444253fef876416b753c012715539b5
                    • Opcode Fuzzy Hash: 85e49906683a71007ae8cf3409e2ab4c38a39cf5391314b48b4dfce811399be6
                    • Instruction Fuzzy Hash: 5031B935751716ABDB2A9F658C81FEB7AA5AB58B54F000028F600EB391DBB8DC01C7A0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 06d1167d642914e2c4545a925bcf297a76db2411269bd9127999176991169a3c
                    • Instruction ID: fe4957434c4b23c5ce41e8d2bf534c4ec5c9c73cf06d020057550a14cf0455db
                    • Opcode Fuzzy Hash: 06d1167d642914e2c4545a925bcf297a76db2411269bd9127999176991169a3c
                    • Instruction Fuzzy Hash: 2331E3326092118FC329DF19D8A4F5AB7E6FB95720F0A446DE9958BA62D730A810CB85
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1402b08d2f25e47b0488c444b1cfd2f57ecea49c59272198d26ea80b5f7bf5bd
                    • Instruction ID: 7ad7f2fbd5c9906e0104e71a2473b2bff6a699b36a6313d55ffc76c38e8925bb
                    • Opcode Fuzzy Hash: 1402b08d2f25e47b0488c444b1cfd2f57ecea49c59272198d26ea80b5f7bf5bd
                    • Instruction Fuzzy Hash: A4419F32200B45DFD72ACF28C885BDABBE5AF49754F018429F69A8B760D774E904CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1eae40ef9f0ebbd054a5ae0a75d273113f13d71325f9ba8aad7dc9bfc2539f91
                    • Instruction ID: 09aa66f929d14db5c7ba895c8ca6af3818ea559453875206a0cf4ff10696525d
                    • Opcode Fuzzy Hash: 1eae40ef9f0ebbd054a5ae0a75d273113f13d71325f9ba8aad7dc9bfc2539f91
                    • Instruction Fuzzy Hash: B931D0716083028FD328DF28D8A0E6AB7E5FB94B20F05452DF9558BB61E730EC10CB96
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7650522e698eff5fb1acd3c85305210811b9f834f70bea15fb2b551515cbc2a4
                    • Instruction ID: f726ba7a6960e3dfc5fda018ad1d46b46a65b6e6fe2e3d2be36efe831627f5ea
                    • Opcode Fuzzy Hash: 7650522e698eff5fb1acd3c85305210811b9f834f70bea15fb2b551515cbc2a4
                    • Instruction Fuzzy Hash: 8231F5317026C69BF32E775DCD48B257BD8BF45B48F1D40A0EB558B6D2DB28D880CA21
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 52c6c5648a046f9039b38ace09fe0bc33110cca892dd34b27740de07afeecf97
                    • Instruction ID: e519536a830c89ac9745beb953c7511892e2b8c8040b38b84b351f4f6b52e870
                    • Opcode Fuzzy Hash: 52c6c5648a046f9039b38ace09fe0bc33110cca892dd34b27740de07afeecf97
                    • Instruction Fuzzy Hash: A931E475A0022AEBDB19DF98CC40FAEB7B5FB48B44F554169E900EB244D770ED41CBA4
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b606e992f36bd95c41b62023134d917bfe6d15f95102cfc949a48248f2209c00
                    • Instruction ID: 025d79a5861cb08c8a5db343e4116511bea4b9579f2438e740a1c470278b6d18
                    • Opcode Fuzzy Hash: b606e992f36bd95c41b62023134d917bfe6d15f95102cfc949a48248f2209c00
                    • Instruction Fuzzy Hash: 83316376A4112DABCF25DF54DC84BDEBBBAAB9C310F1040A5E909A7251DB30DE91CF90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8d7fe1a9c27208954a6e7bd91e15fddd79deb33389c87889be9213be221f80f7
                    • Instruction ID: 8d5dd5231050b9a47cd831fa09481f95e8e505a0adb50a964ad83b2f6ba18f5e
                    • Opcode Fuzzy Hash: 8d7fe1a9c27208954a6e7bd91e15fddd79deb33389c87889be9213be221f80f7
                    • Instruction Fuzzy Hash: C531B572E01315EFDB2ADFA9CC40AAFBBB9EF48750F114425E925D7258D3709E018BA1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1939cb56ec00819e0229f6b867d546bd84145b7a54f2e69b48e95c04e4724cc0
                    • Instruction ID: c09819f51731907209ea4e64b2325f597921a0eeb56f8f4cdf490646c61850f2
                    • Opcode Fuzzy Hash: 1939cb56ec00819e0229f6b867d546bd84145b7a54f2e69b48e95c04e4724cc0
                    • Instruction Fuzzy Hash: F731D471A00616EFDB1A9FA9C850B6EB7B9AF84758F114069E505EB382DB30DC01CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d2f91d91084df2482cc4861dcd4d2ce905d5b9dc4df788ec5481a88b8452d309
                    • Instruction ID: 1a12b1ae486b6f3b4f25fd93aef36bf3e539572ac63bda4749fee1b889abbbcb
                    • Opcode Fuzzy Hash: d2f91d91084df2482cc4861dcd4d2ce905d5b9dc4df788ec5481a88b8452d309
                    • Instruction Fuzzy Hash: BD31F632E09612DBC71EDE288840A6BFBA5AF9C250F02453DFD5597258DB30DC518BD2
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4026a586d1b5abc87a677043370f1b3ba35f7e5c7c8ae0c5f2806733339a3dba
                    • Instruction ID: f6b7ff84396962b05e4dc2efbc1d8ed3dddd141ce9277059deb0f01dd2ff17d9
                    • Opcode Fuzzy Hash: 4026a586d1b5abc87a677043370f1b3ba35f7e5c7c8ae0c5f2806733339a3dba
                    • Instruction Fuzzy Hash: 9A318C716093018FE769CF19C840B2AFBE5FB98710F05896DE9889B395D771E844CBA2
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                    • Instruction ID: 3bffa75244399d96b685435239d353b905fb47928e992f6a5dbe6f24d48ba5f4
                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                    • Instruction Fuzzy Hash: 773116B2B00B01AFE779CF69DD41B56BBF8AF08A50F05492DA59BC3651E731E900CB60
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f405bf9c81d9e21bff1e097195d40dbb978d683f12e7057b55ad14fb34518a92
                    • Instruction ID: 24a9b977b8f5d44ff17655be6acc562fff758e292ee8ee0dcbdee3a053a6fc99
                    • Opcode Fuzzy Hash: f405bf9c81d9e21bff1e097195d40dbb978d683f12e7057b55ad14fb34518a92
                    • Instruction Fuzzy Hash: 9C31AF71516341CFC71ADF19C58089ABBF1FF89218F044AAEE4889B352E331D955CF92
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 059ae904e084a35d814caf02967933c1ba69b477538e14dfb368989ecf47814c
                    • Instruction ID: b03712ba13797338d6b7dee75a1b4ecdbc481de806ff12f473fc8cd163164efd
                    • Opcode Fuzzy Hash: 059ae904e084a35d814caf02967933c1ba69b477538e14dfb368989ecf47814c
                    • Instruction Fuzzy Hash: 1731D432B00205DFD728EFA8C984AAEBBFAAFC4708F008539D645D7A58D734D945CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                    • Instruction ID: cdb2280701b0d6532f02ad22fa068fcd724053f3bc43e029ab6bdb69028e9f43
                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                    • Instruction Fuzzy Hash: 5E213932E4425BAADB099BB9C800BEFBBB9AF55740F0681759E15F7340E3B1C9008BD0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fa30deed080a61123e2db890cb2634e429af63332e565328c04cc4169d1d3f56
                    • Instruction ID: 43debac71aa5f0d4305376c20475255c48de98906b76f0c5149290424374bc0c
                    • Opcode Fuzzy Hash: fa30deed080a61123e2db890cb2634e429af63332e565328c04cc4169d1d3f56
                    • Instruction Fuzzy Hash: A8318E716002108BDB39AF58DC40BA977B8FF50308F44C1A9DD859B346DB79DC92CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                    • Instruction ID: 1572081c0bd21cc3acc23a3377b08fee8cc337331563d45459b75eec2d584901
                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                    • Instruction Fuzzy Hash: 0C21DE36600A52A6CB1D9B95C810BBAFB75EF60B14F40C41EFAA987D51E734DD50C7E0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f6e87c1760fd629674a21123ca88320bd59128d05a8e547a61f1d763f4b15373
                    • Instruction ID: ecafa856b2a520d813ce82ca6927d1e022eea7e52e6a67cc0ecf517e46ceb68b
                    • Opcode Fuzzy Hash: f6e87c1760fd629674a21123ca88320bd59128d05a8e547a61f1d763f4b15373
                    • Instruction Fuzzy Hash: 7E31E431E0212C9BDB3A9F19CC41BEEB7B9EB15744F0208A1E655E72D0D7B49E808F91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                    • Instruction ID: 252926fd4fce614b9eb26487da5fd88b0e8cb7e7d5f270d790fb23cd0e7fee0f
                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                    • Instruction Fuzzy Hash: CB217131A01609EBCB19CF58D980A9EBBB5FF48B14F108065EE159F641D771EA058B90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 641e64014b9dcb1c74debf083a6acc0345afb882a713046306bb6aa7bc47eaed
                    • Instruction ID: 7de9804599d9bf68e0089a77a2cf7a59676d7a0d2a9ab227d34fdea9f24e10b8
                    • Opcode Fuzzy Hash: 641e64014b9dcb1c74debf083a6acc0345afb882a713046306bb6aa7bc47eaed
                    • Instruction Fuzzy Hash: E421BF726047459BCB2ADF18C880B6B77E4FF88B60F054519FD589FA45D730E9018BE2
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                    • Instruction ID: 2933b42b7c74af46af5606472028c39e30de422f24be658130f9bd1621949cb0
                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                    • Instruction Fuzzy Hash: 4F31BE31A00605EFDB2ACF69C884F6ABBB9EF44314F1148A8E551CB281E770ED02CB50
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6241c0030acfb7c0c3d0f6d277273315684a8fd457947cbef13f01c76b06086b
                    • Instruction ID: f42ab937cf332ffe121906c7ed1db51be278f3fb0d0be8888ba800d4529bf3ea
                    • Opcode Fuzzy Hash: 6241c0030acfb7c0c3d0f6d277273315684a8fd457947cbef13f01c76b06086b
                    • Instruction Fuzzy Hash: 97318D75A00206DFCB1DDF18C8849AEB7B5FF84708F258559E8099B391E771EA50CF91
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 11fd200ed1064d1585875e4c225339a7e398001b3b2657737ce1bc58fe2e1ad4
                    • Instruction ID: 25699cec54e3ff691a419f9e64885cec13ca02f64d7aac3a6bf5eab1d8d4a32a
                    • Opcode Fuzzy Hash: 11fd200ed1064d1585875e4c225339a7e398001b3b2657737ce1bc58fe2e1ad4
                    • Instruction Fuzzy Hash: DA21B171900529DBCF29DF59C881ABEB7F8FF48754F500069F951AB240E778AD51CBA0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cbb7067e69b7e63aa49906ca90d4f5351a8849e70510649028cf542d9a6755ea
                    • Instruction ID: 8b55134d3fe8ca03743c41fb0fc8701984f0f3b2d6669cab20723a97ff2d1afd
                    • Opcode Fuzzy Hash: cbb7067e69b7e63aa49906ca90d4f5351a8849e70510649028cf542d9a6755ea
                    • Instruction Fuzzy Hash: 8E21AB71600615ABDB19DB68C840A6AB7A8FF4C744F140069F914D7691E738ED10CB64
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f8eb0b5f2313455e0721895c15ef74662b4c1bfd33e2d839ac75ffa745b8ad98
                    • Instruction ID: 9024237f21bf5424ed07cc68e6693057654d115016f9b4ea55feeca097c5f59b
                    • Opcode Fuzzy Hash: f8eb0b5f2313455e0721895c15ef74662b4c1bfd33e2d839ac75ffa745b8ad98
                    • Instruction Fuzzy Hash: FE2125729083469FDB19EF59C804B6BBBDCAF99254F080456BDA4C7251D734DA04C6A2
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b9618db600459d1be9cf459ababc6865f07b7c70319a499c2f0cd3c9cdd455b1
                    • Instruction ID: f1d1413cff903e8b407c5939b5e7f8235dda27562e3e3dc1c5ab9e70ed9b75dd
                    • Opcode Fuzzy Hash: b9618db600459d1be9cf459ababc6865f07b7c70319a499c2f0cd3c9cdd455b1
                    • Instruction Fuzzy Hash: 5C21F6316456869BF72E676CDC04B2C7BE4AF85774F2903A4FA309B7E6DB78C8418241
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 70fd1750640c7b97cf84ca09a514c648cbb5f5124e8376f0b55fafacb88c8e70
                    • Instruction ID: 5bf75a797d30a5fc63011456eb88266f56311ce2cee7fe8778e3bdf71e0db750
                    • Opcode Fuzzy Hash: 70fd1750640c7b97cf84ca09a514c648cbb5f5124e8376f0b55fafacb88c8e70
                    • Instruction Fuzzy Hash: CD21A935250A119FC729DF29C800B56B7F5BF08B48F248568E50ACBB62E331E852CF94
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2e5d84235dd524f9796732bfd560080d60137407fda639b192d596d8daf50379
                    • Instruction ID: 97b0f9a0aa57911753b96597e7f447c0c2f5306cf79a9e50b6e199a96743136e
                    • Opcode Fuzzy Hash: 2e5d84235dd524f9796732bfd560080d60137407fda639b192d596d8daf50379
                    • Instruction Fuzzy Hash: A6112372280A15BBE32B5659AC01F6BB6999FF4F60F25802CB718CB280FB60DC008795
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0cd5bcff47604cde55bb779ef7fda9b2f5409df53fb1f6a2d8fdc344e0af4a36
                    • Instruction ID: cdd21446a64fdf3ac327f05e16738feabc26fed1dd759805851fea0b71bdc31a
                    • Opcode Fuzzy Hash: 0cd5bcff47604cde55bb779ef7fda9b2f5409df53fb1f6a2d8fdc344e0af4a36
                    • Instruction Fuzzy Hash: D821EBB1E00209AFCB25DFAAD8859AEFBF9FF98610F10012EE515A7245D7709941CB50
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                    • Instruction ID: 43ee3baf33598cfd8e371906983798ecef6064ce9c703e64963a8f2a1a12d12c
                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                    • Instruction Fuzzy Hash: 1221AE76A00209EFDF168F98CC40BAEBBB9EF48311F200415F910A7251D734ED618B50
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                    • Instruction ID: bd4d55e47830693cdc72a0d7e3bfe7bec2ef5510a9b23818d0948fc10509648a
                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                    • Instruction Fuzzy Hash: A411E272600605AFD72A9F55CC40FDABBB8EB84F58F110029F7048B180D771ED44CB50
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5976e12d90387191aa16ff10668f9f2eee6b891cf6983804a2cd8fc42519c085
                    • Instruction ID: 78049c3452a03007b238b7bb9f352f75fe7c49b8489080885ca2ef7dbc6e0493
                    • Opcode Fuzzy Hash: 5976e12d90387191aa16ff10668f9f2eee6b891cf6983804a2cd8fc42519c085
                    • Instruction Fuzzy Hash: 7B119435701A219BDB19CF4DC5C0A56FBE9AF8A754B19C07DEE089F209D7B2D901C790
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                    • Instruction ID: d763477799d7b2e9e73d7b96d3515b8c4130f3d12c2422dd71cc466228626524
                    • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                    • Instruction Fuzzy Hash: 4F217972680641DFD7299F49E540A66FBE6EF94F18F16887DE98A87B10C730EC01CB80
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3ad34071de17a9abb68f3e8523d82afc4b5b5e37f8d3079143ff3f95e1968dc5
                    • Instruction ID: 72b6ac73ca822b841683ad94191fe0a10355ed52282115bc2f8ab91977fb4fb4
                    • Opcode Fuzzy Hash: 3ad34071de17a9abb68f3e8523d82afc4b5b5e37f8d3079143ff3f95e1968dc5
                    • Instruction Fuzzy Hash: 74215B76A00206DFCB18CF98C581AAEFBF5FB89318F24816DD505AB315DB71AD06CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 03a41deff46a8112ce511e00bb70af84d0dd25ff58615307a670d06879879cb6
                    • Instruction ID: 845e2b54c9db17eb34e58dda1b9ea6c2c93c4e13a9ba2d197f047a81bd815733
                    • Opcode Fuzzy Hash: 03a41deff46a8112ce511e00bb70af84d0dd25ff58615307a670d06879879cb6
                    • Instruction Fuzzy Hash: 2B219D71610B01EFD729DF69C880F66B7F8FF85654F40882DE5AAC7251EB70A850CBA1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 009e044d10bf19f6e4effb9e25ea600da3486d1ba8aaf1124472db0d2842ba38
                    • Instruction ID: 5be8ff7d39763560175d9e7e8a7703ac5650f1e9eb0f55d656d55cbda72f3741
                    • Opcode Fuzzy Hash: 009e044d10bf19f6e4effb9e25ea600da3486d1ba8aaf1124472db0d2842ba38
                    • Instruction Fuzzy Hash: D411C136240614EFC72ACB59CD40F9A7BA8EB99A64F464025F2119B251EB70E801C790
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 80dc722cdb629b6663d05085a9ae569f69300f83780323fa45f78d235a0ef36a
                    • Instruction ID: 85f907545cec549bbbae13be4572d5a4fe4947b272df9f88ed0323d9db191434
                    • Opcode Fuzzy Hash: 80dc722cdb629b6663d05085a9ae569f69300f83780323fa45f78d235a0ef36a
                    • Instruction Fuzzy Hash: 7B1148333001119BCB1ECB28CC80A2B76A6EBD5274B264529D9228B391EB309C12C390
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 03c769469f93b1ccabf78735d3046e2af4e1ac2ae7d149c45e02d7d6f077593c
                    • Instruction ID: cf0a0a0ced157a39d393ae267cced7e17f5d359b1b01950fbc357e0602c07cd9
                    • Opcode Fuzzy Hash: 03c769469f93b1ccabf78735d3046e2af4e1ac2ae7d149c45e02d7d6f077593c
                    • Instruction Fuzzy Hash: 2611E0B6A01615DFCB2ECF59D580A5ABBF9EF89A18B06807AD9059B311F734DD00CB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                    • Instruction ID: 0d629e53fcaeb8fb165e22383da4357db407eea389acaff88c9cc974267b6f98
                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                    • Instruction Fuzzy Hash: 53110136A00919AFDB1DCB58C801B9EBBB5EF84214F098269E856A7340E735BE11CB80
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                    • Instruction ID: 60492966f4ad170e5c0ad5d94d1e82778af82b4dcea5541a6b7fc10f769e2a10
                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                    • Instruction Fuzzy Hash: 4221D6B5A40B459FD3A0CF29D581B56BBF4FB48B10F10492EE98AC7B50E371E854CB94
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                    • Instruction ID: f92e923a4d9691e2f242d7e8bf2ac712b29db1730693091474a1275c8dff2526
                    • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                    • Instruction Fuzzy Hash: D311C631602605EFEF2DDF88C840B56BBE6EF45754F058468E9299F154DB31DC40DB90
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b0cc92d7283c727854a567e3ede6012ac5f6a938796fc83703488fc2afab0891
                    • Instruction ID: 8ab054d90d089457ae4d75ddbdafdaf438f5bbbb4eb556e6a147d451fbfe1c54
                    • Opcode Fuzzy Hash: b0cc92d7283c727854a567e3ede6012ac5f6a938796fc83703488fc2afab0891
                    • Instruction Fuzzy Hash: F601D631706645AFE31EA26DE884F6F6BDCEF857A4F4A00B5F9008B295DB24DC00C2A1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 317635a20bb43217620b3e7bb8fa126b80ab9abbdfc1b0099734b5869813af12
                    • Instruction ID: 489047e6d0395759cc5685daab9de8a339939631d8bd87c86c1827bc1bf68d16
                    • Opcode Fuzzy Hash: 317635a20bb43217620b3e7bb8fa126b80ab9abbdfc1b0099734b5869813af12
                    • Instruction Fuzzy Hash: DF01F271241B11AFD33A9B1AD980F86BAA8EF54B50F01442EF3069F3A1D7B0D850CB54
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                    • Instruction ID: 4135b2b915858090d7a4c0b1214eab58f7b850c99e1887e28ffd62290c31c410
                    • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                    • Instruction Fuzzy Hash: E5E09232300601ABE7659E598CC0F57776E9F92B14F040479BD045E251CBE29C1982A4
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                    • Instruction ID: 918b3ee8d3b3edcb2a1048f2e899fe4f7ee7725a6ffbf7b7650e6d463f289df7
                    • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                    • Instruction Fuzzy Hash: 67F06572144604DFE3298F09DA84F52BBF9EB05364F9AC025E6099B561D379EC80CBA4
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                    • Instruction ID: a6b823504a52083f38c12cf6d967f391377efb457f01329e0c19794ff0557fd8
                    • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                    • Instruction Fuzzy Hash: 68F0E5396087459BDB1EDF19C040AE9BBA8FB59360B010064F8828B301D732E991CB51
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                    • Instruction ID: 2cc050492517fcfaebb3343713875ac5f39f5f84e6eb5cef594ba56bcb7b2aa4
                    • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                    • Instruction Fuzzy Hash: 02E0D872244545ABD32D5E598800B66B7A6DBD0FA0F260439E2028B950DF70DC40C7D9
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                    • Instruction ID: 2b9f1c9433328a8b3225ad655b2bfed702e66239fa9805277c3c771f4e2792d3
                    • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                    • Instruction Fuzzy Hash: E6E0DF73A00520BBDB2997998D41FDABFACDBA0EA4F150064F600E7094E630DE00C690
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                    • Instruction ID: c16ce1e6d943164a5ab7e56a7ae6a4c747fa3c6e9ba9b15e23b92406d17d2975
                    • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                    • Instruction Fuzzy Hash: 61E09B31B40B559BCB298A9DC144E53BBE8DF99664F15806DEA0547612C371F882C6D0
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 54f9803b5c4883cc6560916d5fc663335987c8e8b1847d1d2ad96e34c04308c2
                    • Instruction ID: 3f74932a65e2ee9529af7ea4c5a7044e1f64862cf8c5f7134f59d3d17ba7c33d
                    • Opcode Fuzzy Hash: 54f9803b5c4883cc6560916d5fc663335987c8e8b1847d1d2ad96e34c04308c2
                    • Instruction Fuzzy Hash: 9D90027120150842D10471584504B4A000997E0301F55C016A4125654DC716C9617621
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cee46d3f416f44c4c796e4b1611492a6e67be882ae8a7dcaaa5139e5ea369dad
                    • Instruction ID: cfa12ccd12667aa9d31d85e131434d7e98c4901369631afdf787a61bb4fb1cf8
                    • Opcode Fuzzy Hash: cee46d3f416f44c4c796e4b1611492a6e67be882ae8a7dcaaa5139e5ea369dad
                    • Instruction Fuzzy Hash: 2290027120150402D1047598550864A000997E0301F55D011A9025555EC76689A16231
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 160f37890667e068e0c39ad21699f25a996d3e2521f515c0ee823e726949f63f
                    • Instruction ID: 344aa7afc7b922d380821b86613c8b5d2861bbb38dee383c6a17561300ffad0f
                    • Opcode Fuzzy Hash: 160f37890667e068e0c39ad21699f25a996d3e2521f515c0ee823e726949f63f
                    • Instruction Fuzzy Hash: 0590026160550402D1447158551870A001997D0201F55D011A4025554DC75A8B6567A1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e5eb81978b5634413dd70bfb74c9c031066bcf553c76dd190ace2be68d68cb01
                    • Instruction ID: db009562afec959222618a8bd3a8e12347ea21777faeb5e6d6c6c6d070b91584
                    • Opcode Fuzzy Hash: e5eb81978b5634413dd70bfb74c9c031066bcf553c76dd190ace2be68d68cb01
                    • Instruction Fuzzy Hash: 3A90027120150403D1047158560870B000997D0201F55D411A4425558DD75789616221
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3de7ee01ccd077faf19a7353b3ace0ba5ede3b8b36819bae5428a9e66716f312
                    • Instruction ID: f615ebd6f2ff3c1fdfdfb120cc8fa3859ca5913ba11b0e63252a5cf5818397f9
                    • Opcode Fuzzy Hash: 3de7ee01ccd077faf19a7353b3ace0ba5ede3b8b36819bae5428a9e66716f312
                    • Instruction Fuzzy Hash: 059002A134150442D10471584514B0A0009D7E1301F55C015E5065554DC71ACD626226
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 08c703cc9db10e0c66c42755a61386bcdbcbf0bd63819440a754fcb2980f4252
                    • Instruction ID: 26e5984b386a0356f9a177d928581a71e4014eb1b8bab8d3a8861994c95c9c49
                    • Opcode Fuzzy Hash: 08c703cc9db10e0c66c42755a61386bcdbcbf0bd63819440a754fcb2980f4252
                    • Instruction Fuzzy Hash: 6B9002A121150042D1087158450470A004997E1201F55C012A6155554CC62A8D715225
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0af298cc95694654d8374b0b172c9b638cb234f8ea71e74a8dd56b4c46a982f8
                    • Instruction ID: e3a75406ecbab3ca2e26b0ac9915f90765299e25479bd7a225e2b10b38a45091
                    • Opcode Fuzzy Hash: 0af298cc95694654d8374b0b172c9b638cb234f8ea71e74a8dd56b4c46a982f8
                    • Instruction Fuzzy Hash: 6090027120190402D1047158491470F000997D0302F55C011A5165555DC72689616671
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b8348279455109b35a15913706fea4387eefd392d3a773fa9426a33d9dfdd49d
                    • Instruction ID: b695e5d59af49ddf67d13b72c2ef37ef66a241ed499c68a76f87bc665412f781
                    • Opcode Fuzzy Hash: b8348279455109b35a15913706fea4387eefd392d3a773fa9426a33d9dfdd49d
                    • Instruction Fuzzy Hash: 669002616015004241447168894490A4009BBE1211755C121A4999550DC65A89755765
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bb4e9617af7c348a6065e91f8a2f344c473e4f23e899f8318caf066d7772b911
                    • Instruction ID: 5e1ba4814d8444c382812b09c993e5e3809879a3c93a9396e1aefafeb9785f38
                    • Opcode Fuzzy Hash: bb4e9617af7c348a6065e91f8a2f344c473e4f23e899f8318caf066d7772b911
                    • Instruction Fuzzy Hash: 1790027120190402D1047158490874B000997D0302F55C011A9165555EC766C9A16631
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4a2b7e7802fafd8169a0c7b043116208ee6b25ac20ff7e75f28c6c2b58a3e32e
                    • Instruction ID: 76c7bf8267f5751c9158e95c39cc52af74195ff0cf910393158d638744037508
                    • Opcode Fuzzy Hash: 4a2b7e7802fafd8169a0c7b043116208ee6b25ac20ff7e75f28c6c2b58a3e32e
                    • Instruction Fuzzy Hash: 00900261211D0042D20475684D14B0B000997D0303F55C115A4155554CCA1689715621
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6937673d12d2f8895191f2b75b5bf359537408c22b0895bb04dc86b0dc751074
                    • Instruction ID: e4ca0c6698d7e2af4440caf9828863a43c2bbc06c2ce16bf8c88c6732e50d678
                    • Opcode Fuzzy Hash: 6937673d12d2f8895191f2b75b5bf359537408c22b0895bb04dc86b0dc751074
                    • Instruction Fuzzy Hash: 1390026130150402D1067158451460A000DD7D1345F95C012E5425555DC7268A63A232
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d5d3eafca447cdc20c69916fe634dc9ae8907a7e1070f57bb45703a841e950ca
                    • Instruction ID: 1ab9a44952bef23aebeb2198e35de534d2cf9f24113d64324be2e24ddd28a089
                    • Opcode Fuzzy Hash: d5d3eafca447cdc20c69916fe634dc9ae8907a7e1070f57bb45703a841e950ca
                    • Instruction Fuzzy Hash: 7990026160150502D1057158450461A000E97D0241F95C022A5025555ECB268AA2A231
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bd6caa0c0339d5d5a4d8637d91a9180441ae7c16edd6a6b06a878ac24506d242
                    • Instruction ID: 3f8d84effba803332ae3bd6afadc6c20551e6a172143f78b0cb7392eb6d298a5
                    • Opcode Fuzzy Hash: bd6caa0c0339d5d5a4d8637d91a9180441ae7c16edd6a6b06a878ac24506d242
                    • Instruction Fuzzy Hash: 7C9002B120150402D1447158450474A000997D0301F55C011A9065554EC75A8EE56765
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5e92b1734487212cc7da59e8d91d00a6dd33504a9dd20eccd18961ae7d0deb56
                    • Instruction ID: a807827ea5700e584326d54a04eda36bf403520c9b8fbd706541630efac30b98
                    • Opcode Fuzzy Hash: 5e92b1734487212cc7da59e8d91d00a6dd33504a9dd20eccd18961ae7d0deb56
                    • Instruction Fuzzy Hash: AD9002A120190403D1447558490460B000997D0302F55C011A6065555ECB2A8D616235
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 995a6f5fc849f2cc24b0fafac87f502cf703dcc60141530f239c8c309ccee7ad
                    • Instruction ID: aab35c52b506cf8c65d39bf472200be5830f27fe9aa510a6d9f8ff194b7562ac
                    • Opcode Fuzzy Hash: 995a6f5fc849f2cc24b0fafac87f502cf703dcc60141530f239c8c309ccee7ad
                    • Instruction Fuzzy Hash: 6F90026120194442D14472584904B0F410997E1202F95C019A8157554CCA1689655721
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: afbaf8ece70b81b9132c387e4ea405452c7d485e8e678ab2ed292a88c0b864ac
                    • Instruction ID: 6581c15b0b12c4c49abbb17905edf0eaf589b950c0b37e63b0aa3c10d4c74ea5
                    • Opcode Fuzzy Hash: afbaf8ece70b81b9132c387e4ea405452c7d485e8e678ab2ed292a88c0b864ac
                    • Instruction Fuzzy Hash: 2590026124150802D1447158851470B000AD7D0601F55C011A4025554DC7178A7567B1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 10482a05269f3be36e2de34cbfb580a8ecb2615f334e13a34e2f4cd9aa604ad6
                    • Instruction ID: 185202d98fdbabedb432d83a6610bcfd2cbd799395542cd72d877fd8f1e6ed27
                    • Opcode Fuzzy Hash: 10482a05269f3be36e2de34cbfb580a8ecb2615f334e13a34e2f4cd9aa604ad6
                    • Instruction Fuzzy Hash: 0690026124555102D154715C450461A4009B7E0201F55C021A4815594DC65689656321
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: afe16934de6018057b1d5372fc211acbd1128b9bbf4c2ff362b436db503e29a3
                    • Instruction ID: a190ea88a47aa0f0d61ed2ffcf02f67bd27ffa5a4799b0d9b4ae175dd97ccf3a
                    • Opcode Fuzzy Hash: afe16934de6018057b1d5372fc211acbd1128b9bbf4c2ff362b436db503e29a3
                    • Instruction Fuzzy Hash: 1C90027120250142954472585904A4E410997E1302B95D415A4016554CCA1589715321
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 20a04954b0b1b8cef82c0cca22ee14ee811ddb64d44889c1d1549816bbb13303
                    • Instruction ID: 5c8979d2ccb5a69ee405c57e4e1c0949f6deb4fd2743c0a02cc32f36964a4eae
                    • Opcode Fuzzy Hash: 20a04954b0b1b8cef82c0cca22ee14ee811ddb64d44889c1d1549816bbb13303
                    • Instruction Fuzzy Hash: A890027520150402D5147158590464A004A97D0301F55D411A4425558DC75589B1A221
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                    • Instruction ID: 77062b74d4dc7a489741dfeced9d617147566824fc21923995049fbefe02ff05
                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                    • Instruction Fuzzy Hash:
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                    • API String ID: 48624451-2108815105
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                    • API String ID: 48624451-2108815105
                    Strings
                    • ExecuteOptions, xrefs: 011846A0
                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01184742
                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01184725
                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01184787
                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011846FC
                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01184655
                    • Execute=1, xrefs: 01184713
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                    • API String ID: 0-484625025
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: __aulldvrm
                    • String ID: +$-$0$0
                    • API String ID: 1302938615-699404926
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: %%%u$[$]:%u
                    • API String ID: 48624451-2819853543
                    Strings
                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011802BD
                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011802E7
                    • RTL: Re-Waiting, xrefs: 0118031E
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                    • API String ID: 0-2474120054
                    Strings
                    • RTL: Resource at %p, xrefs: 01187B8E
                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01187B7F
                    • RTL: Re-Waiting, xrefs: 01187BAC
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                    • API String ID: 0-871070163
                    APIs
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0118728C
                    Strings
                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01187294
                    • RTL: Resource at %p, xrefs: 011872A3
                    • RTL: Re-Waiting, xrefs: 011872C1
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                    • API String ID: 885266447-605551621
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: ___swprintf_l
                    • String ID: %%%u$]:%u
                    • API String ID: 48624451-3050659472
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: __aulldvrm
                    • String ID: +$-
                    • API String ID: 1302938615-2137968064
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID:
                    • String ID: $$@
                    • API String ID: 0-1194432280
                    APIs
                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 0119CFBD
                    Strings
                    Memory Dump Source
                    • Source File: 00000003.00000002.1911860198.00000000010E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_3_2_10e0000_wOBmA8bj8d.jbxd
                    Similarity
                    • API ID: CallFilterFunc@8
                    • String ID: @$@4rw@4rw
                    • API String ID: 4062629308-2979693914