Windows Analysis Report
4N4nldx1wW.exe

Overview

General Information

Sample name: 4N4nldx1wW.exe (renamed because original name is a hash value)
Original sample name: 9d4e4cb20e3f583a570e84cb53ce9e6ddbdc2920ec1286b45fc75e45f59fedeb.exe
Analysis ID: 1588606
MD5: 7ca54c459c8a04446a34c74071c0220a
SHA1: 88dbf3f1b1deb41e36001def7642a76e17f421f4
SHA256: 9d4e4cb20e3f583a570e84cb53ce9e6ddbdc2920ec1286b45fc75e45f59fedeb
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 4N4nldx1wW.exe (PID: 7808 cmdline: "C:\Users\user\Desktop\4N4nldx1wW.exe" MD5: 7CA54C459C8A04446A34C74071C0220A)
    • 4N4nldx1wW.exe (PID: 7892 cmdline: "C:\Users\user\Desktop\4N4nldx1wW.exe" MD5: 7CA54C459C8A04446A34C74071C0220A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1346328879.0000000005450000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: 4N4nldx1wW.exe PID: 7808 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
2.2.4N4nldx1wW.exe.730000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.4N4nldx1wW.exe.730000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.4N4nldx1wW.exe.5450000.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                  AV Detection

                  Source: 4N4nldx1wW.exeReversingLabs: Detection: 55%
                  Source: 4N4nldx1wW.exeVirustotal: Detection: 45%
                  Source: Yara matchFile source: 2.2.4N4nldx1wW.exe.730000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.4N4nldx1wW.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: 4N4nldx1wW.exeJoe Sandbox ML: detected
                  Source: 4N4nldx1wW.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 4N4nldx1wW.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 4N4nldx1wW.exe, 00000000.00000002.1347813849.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: 4N4nldx1wW.exe, 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 4N4nldx1wW.exe, 00000000.00000002.1347813849.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: 4N4nldx1wW.exe, 4N4nldx1wW.exe, 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

                  E-Banking Fraud

                  Source: Yara matchFile source: 2.2.4N4nldx1wW.exe.730000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.4N4nldx1wW.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_0075CAC3 NtClose,2_2_0075CAC3
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82B60 NtClose,LdrInitializeThunk,2_2_00E82B60
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00E82C70
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_00E82DF0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E835C0 NtCreateMutant,LdrInitializeThunk,2_2_00E835C0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E84340 NtSetContextThread,2_2_00E84340
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E84650 NtSuspendThread,2_2_00E84650
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82AF0 NtWriteFile,2_2_00E82AF0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82AD0 NtReadFile,2_2_00E82AD0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82AB0 NtWaitForSingleObject,2_2_00E82AB0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82BE0 NtQueryValueKey,2_2_00E82BE0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82BF0 NtAllocateVirtualMemory,2_2_00E82BF0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82BA0 NtEnumerateValueKey,2_2_00E82BA0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82B80 NtQueryInformationFile,2_2_00E82B80
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82CF0 NtOpenProcess,2_2_00E82CF0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82CC0 NtQueryVirtualMemory,2_2_00E82CC0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82CA0 NtQueryInformationToken,2_2_00E82CA0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82C60 NtCreateKey,2_2_00E82C60
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82C00 NtQueryInformationProcess,2_2_00E82C00
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82DD0 NtDelayExecution,2_2_00E82DD0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82DB0 NtEnumerateKey,2_2_00E82DB0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82D30 NtUnmapViewOfSection,2_2_00E82D30
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82D00 NtSetInformationFile,2_2_00E82D00
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82D10 NtMapViewOfSection,2_2_00E82D10
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82EE0 NtQueueApcThread,2_2_00E82EE0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82EA0 NtAdjustPrivilegesToken,2_2_00E82EA0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82E80 NtReadVirtualMemory,2_2_00E82E80
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82E30 NtWriteVirtualMemory,2_2_00E82E30
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82FE0 NtCreateFile,2_2_00E82FE0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82FA0 NtQuerySection,2_2_00E82FA0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82FB0 NtResumeThread,2_2_00E82FB0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82F90 NtProtectVirtualMemory,2_2_00E82F90
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82F60 NtCreateProcessEx,2_2_00E82F60
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82F30 NtCreateSection,2_2_00E82F30
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E83090 NtSetValueKey,2_2_00E83090
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E83010 NtOpenDirectoryObject,2_2_00E83010
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E839B0 NtGetContextThread,2_2_00E839B0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E83D70 NtOpenThread,2_2_00E83D70
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E83D10 NtOpenProcessToken,2_2_00E83D10
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: String function: 00EBEA12 appears 86 times
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: String function: 00E85130 appears 58 times
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: String function: 00ECF290 appears 105 times
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: String function: 00E3B970 appears 283 times
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: String function: 00E97E54 appears 109 times
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1328600582.0000000000D7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1344872936.00000000050A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDcoynqo.dll" vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1347813849.00000000055D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000000.1308257548.00000000004C2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVrjuvaicajo.exe8 vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exe, 00000002.00000002.1965097852.0000000000F3D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4N4nldx1wW.exe
                  Source: 4N4nldx1wW.exeBinary or memory string: OriginalFilenameVrjuvaicajo.exe8 vs 4N4nldx1wW.exe
                  Source: classification engineClassification label: mal80.troj.evad.winEXE@3/0@0/0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeMutant created: NULL
                  Source: 4N4nldx1wW.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 4N4nldx1wW.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknownProcess created: C:\Users\user\Desktop\4N4nldx1wW.exe "C:\Users\user\Desktop\4N4nldx1wW.exe"
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeProcess created: C:\Users\user\Desktop\4N4nldx1wW.exe "C:\Users\user\Desktop\4N4nldx1wW.exe"
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: 4N4nldx1wW.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: 4N4nldx1wW.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                  Source: 4N4nldx1wW.exe Static file information: File size 2089984 > 1048576
                  Source: 4N4nldx1wW.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1fda00
                  Source: 4N4nldx1wW.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 4N4nldx1wW.exe, 00000000.00000002.1347813849.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: 4N4nldx1wW.exe, 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 4N4nldx1wW.exe, 00000000.00000002.1347813849.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: 4N4nldx1wW.exe, 4N4nldx1wW.exe, 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp

                  Data Obfuscation

                  Source: Yara match File source: 0.2.4N4nldx1wW.exe.5450000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.1346328879.0000000005450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: 4N4nldx1wW.exe PID: 7808, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 0_2_05D93DFC push ss; ret 0_2_05D93DFD
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_007468E0 push edx; ret 2_2_0074693F
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_007468E3 push edx; ret 2_2_0074693F
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_007359ED push ebx; retf 2_2_007359F1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00752A82 push esi; ret 2_2_00752A8A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00747372 push ss; retf 2_2_0074740B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_0073734F push 652EA1A9h; retf 2_2_00737354
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_007333B0 push eax; ret 2_2_007333B2
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_0073D465 push ebx; ret 2_2_0073D473
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_0075446D push ebx; iretd 2_2_00754471
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00754533 push FFFFFFBFh; retf 2_2_00754535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_0074F605 push cs; retf 2_2_0074F610
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00741ECD push es; ret 2_2_00741ED0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E1225F pushad ; ret 2_2_00E127F9
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E127FA pushad ; ret 2_2_00E127F9
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E1283D push eax; iretd 2_2_00E12858
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E409AD push ecx; mov dword ptr [esp], ecx 2_2_00E409B6
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E11368 push eax; iretd 2_2_00E11369
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: 4N4nldx1wW.exe PID: 7808, type: MEMORYSTR
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Memory allocated: D40000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Memory allocated: 2AD0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Memory allocated: 2810000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E8096E rdtsc 2_2_00E8096E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe API coverage: 0.6 %
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe TID: 7896 Thread sleep time: -30000s >= -30000s
                  Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E8096E rdtsc 2_2_00E8096E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00747B33 LdrLoadDll, 2_2_00747B33
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe Code function: 2_2_00E3A0E3 mov ecx, dword ptr fs:[00000030h] 2_2_00E3A0E3
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC2349 mov eax, dword ptr fs:[00000030h]2_2_00EC2349
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov eax, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov eax, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov eax, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov ecx, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov eax, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC035C mov eax, dword ptr fs:[00000030h]2_2_00EC035C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EE8350 mov ecx, dword ptr fs:[00000030h]2_2_00EE8350
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F1634F mov eax, dword ptr fs:[00000030h]2_2_00F1634F
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F18324 mov eax, dword ptr fs:[00000030h]2_2_00F18324
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F18324 mov ecx, dword ptr fs:[00000030h]2_2_00F18324
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F18324 mov eax, dword ptr fs:[00000030h]2_2_00F18324
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F18324 mov eax, dword ptr fs:[00000030h]2_2_00F18324
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A30B mov eax, dword ptr fs:[00000030h]2_2_00E7A30B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A30B mov eax, dword ptr fs:[00000030h]2_2_00E7A30B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A30B mov eax, dword ptr fs:[00000030h]2_2_00E7A30B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3C310 mov ecx, dword ptr fs:[00000030h]2_2_00E3C310
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E60310 mov ecx, dword ptr fs:[00000030h]2_2_00E60310
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E404E5 mov ecx, dword ptr fs:[00000030h]2_2_00E404E5
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E464AB mov eax, dword ptr fs:[00000030h]2_2_00E464AB
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E744B0 mov ecx, dword ptr fs:[00000030h]2_2_00E744B0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECA4B0 mov eax, dword ptr fs:[00000030h]2_2_00ECA4B0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EFA49A mov eax, dword ptr fs:[00000030h]2_2_00EFA49A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECC460 mov ecx, dword ptr fs:[00000030h]2_2_00ECC460
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6A470 mov eax, dword ptr fs:[00000030h]2_2_00E6A470
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6A470 mov eax, dword ptr fs:[00000030h]2_2_00E6A470
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6A470 mov eax, dword ptr fs:[00000030h]2_2_00E6A470
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E443 mov eax, dword ptr fs:[00000030h]2_2_00E7E443
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EFA456 mov eax, dword ptr fs:[00000030h]2_2_00EFA456
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6245A mov eax, dword ptr fs:[00000030h]2_2_00E6245A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3645D mov eax, dword ptr fs:[00000030h]2_2_00E3645D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3E420 mov eax, dword ptr fs:[00000030h]2_2_00E3E420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3E420 mov eax, dword ptr fs:[00000030h]2_2_00E3E420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3E420 mov eax, dword ptr fs:[00000030h]2_2_00E3E420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E3C427 mov eax, dword ptr fs:[00000030h]2_2_00E3C427
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC6420 mov eax, dword ptr fs:[00000030h]2_2_00EC6420
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A430 mov eax, dword ptr fs:[00000030h]2_2_00E7A430
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E78402 mov eax, dword ptr fs:[00000030h]2_2_00E78402
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E78402 mov eax, dword ptr fs:[00000030h]2_2_00E78402
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E78402 mov eax, dword ptr fs:[00000030h]2_2_00E78402
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E5E7 mov eax, dword ptr fs:[00000030h]2_2_00E6E5E7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E425E0 mov eax, dword ptr fs:[00000030h]2_2_00E425E0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C5ED mov eax, dword ptr fs:[00000030h]2_2_00E7C5ED
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C5ED mov eax, dword ptr fs:[00000030h]2_2_00E7C5ED
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E5CF mov eax, dword ptr fs:[00000030h]2_2_00E7E5CF
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E5CF mov eax, dword ptr fs:[00000030h]2_2_00E7E5CF
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E465D0 mov eax, dword ptr fs:[00000030h]2_2_00E465D0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A5D0 mov eax, dword ptr fs:[00000030h]2_2_00E7A5D0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A5D0 mov eax, dword ptr fs:[00000030h]2_2_00E7A5D0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC05A7 mov eax, dword ptr fs:[00000030h]2_2_00EC05A7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC05A7 mov eax, dword ptr fs:[00000030h]2_2_00EC05A7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC05A7 mov eax, dword ptr fs:[00000030h]2_2_00EC05A7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E645B1 mov eax, dword ptr fs:[00000030h]2_2_00E645B1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E645B1 mov eax, dword ptr fs:[00000030h]2_2_00E645B1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E42582 mov eax, dword ptr fs:[00000030h]2_2_00E42582
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E42582 mov ecx, dword ptr fs:[00000030h]2_2_00E42582
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E74588 mov eax, dword ptr fs:[00000030h]2_2_00E74588
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7E59C mov eax, dword ptr fs:[00000030h]2_2_00E7E59C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7656A mov eax, dword ptr fs:[00000030h]2_2_00E7656A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7656A mov eax, dword ptr fs:[00000030h]2_2_00E7656A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7656A mov eax, dword ptr fs:[00000030h]2_2_00E7656A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E48550 mov eax, dword ptr fs:[00000030h]2_2_00E48550
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E48550 mov eax, dword ptr fs:[00000030h]2_2_00E48550
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50535 mov eax, dword ptr fs:[00000030h]2_2_00E50535
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E53E mov eax, dword ptr fs:[00000030h]2_2_00E6E53E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E53E mov eax, dword ptr fs:[00000030h]2_2_00E6E53E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E53E mov eax, dword ptr fs:[00000030h]2_2_00E6E53E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E53E mov eax, dword ptr fs:[00000030h]2_2_00E6E53E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E53E mov eax, dword ptr fs:[00000030h]2_2_00E6E53E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ED6500 mov eax, dword ptr fs:[00000030h]2_2_00ED6500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F14500 mov eax, dword ptr fs:[00000030h]2_2_00F14500
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBE6F2 mov eax, dword ptr fs:[00000030h]2_2_00EBE6F2
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBE6F2 mov eax, dword ptr fs:[00000030h]2_2_00EBE6F2
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBE6F2 mov eax, dword ptr fs:[00000030h]2_2_00EBE6F2
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBE6F2 mov eax, dword ptr fs:[00000030h]2_2_00EBE6F2
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC06F1 mov eax, dword ptr fs:[00000030h]2_2_00EC06F1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC06F1 mov eax, dword ptr fs:[00000030h]2_2_00EC06F1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A6C7 mov ebx, dword ptr fs:[00000030h]2_2_00E7A6C7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A6C7 mov eax, dword ptr fs:[00000030h]2_2_00E7A6C7
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C6A6 mov eax, dword ptr fs:[00000030h]2_2_00E7C6A6
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E766B0 mov eax, dword ptr fs:[00000030h]2_2_00E766B0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E44690 mov eax, dword ptr fs:[00000030h]2_2_00E44690
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E44690 mov eax, dword ptr fs:[00000030h]2_2_00E44690
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A660 mov eax, dword ptr fs:[00000030h]2_2_00E7A660
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7A660 mov eax, dword ptr fs:[00000030h]2_2_00E7A660
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E72674 mov eax, dword ptr fs:[00000030h]2_2_00E72674
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F0866E mov eax, dword ptr fs:[00000030h]2_2_00F0866E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F0866E mov eax, dword ptr fs:[00000030h]2_2_00F0866E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5C640 mov eax, dword ptr fs:[00000030h]2_2_00E5C640
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5E627 mov eax, dword ptr fs:[00000030h]2_2_00E5E627
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E76620 mov eax, dword ptr fs:[00000030h]2_2_00E76620
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E78620 mov eax, dword ptr fs:[00000030h]2_2_00E78620
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E4262C mov eax, dword ptr fs:[00000030h]2_2_00E4262C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBE609 mov eax, dword ptr fs:[00000030h]2_2_00EBE609
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E5260B mov eax, dword ptr fs:[00000030h]2_2_00E5260B
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82619 mov eax, dword ptr fs:[00000030h]2_2_00E82619
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E627ED mov eax, dword ptr fs:[00000030h]2_2_00E627ED
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E627ED mov eax, dword ptr fs:[00000030h]2_2_00E627ED
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E627ED mov eax, dword ptr fs:[00000030h]2_2_00E627ED
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECE7E1 mov eax, dword ptr fs:[00000030h]2_2_00ECE7E1
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E447FB mov eax, dword ptr fs:[00000030h]2_2_00E447FB
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E447FB mov eax, dword ptr fs:[00000030h]2_2_00E447FB
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E4C7C0 mov eax, dword ptr fs:[00000030h]2_2_00E4C7C0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC07C3 mov eax, dword ptr fs:[00000030h]2_2_00EC07C3
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E407AF mov eax, dword ptr fs:[00000030h]2_2_00E407AF
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EF47A0 mov eax, dword ptr fs:[00000030h]2_2_00EF47A0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EE678E mov eax, dword ptr fs:[00000030h]2_2_00EE678E
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E48770 mov eax, dword ptr fs:[00000030h]2_2_00E48770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E50770 mov eax, dword ptr fs:[00000030h]2_2_00E50770
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7674D mov esi, dword ptr fs:[00000030h]2_2_00E7674D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7674D mov eax, dword ptr fs:[00000030h]2_2_00E7674D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7674D mov eax, dword ptr fs:[00000030h]2_2_00E7674D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECE75D mov eax, dword ptr fs:[00000030h]2_2_00ECE75D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E40750 mov eax, dword ptr fs:[00000030h]2_2_00E40750
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82750 mov eax, dword ptr fs:[00000030h]2_2_00E82750
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E82750 mov eax, dword ptr fs:[00000030h]2_2_00E82750
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EC4755 mov eax, dword ptr fs:[00000030h]2_2_00EC4755
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C720 mov eax, dword ptr fs:[00000030h]2_2_00E7C720
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C720 mov eax, dword ptr fs:[00000030h]2_2_00E7C720
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EBC730 mov eax, dword ptr fs:[00000030h]2_2_00EBC730
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7273C mov eax, dword ptr fs:[00000030h]2_2_00E7273C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7273C mov ecx, dword ptr fs:[00000030h]2_2_00E7273C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7273C mov eax, dword ptr fs:[00000030h]2_2_00E7273C
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C700 mov eax, dword ptr fs:[00000030h]2_2_00E7C700
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E40710 mov eax, dword ptr fs:[00000030h]2_2_00E40710
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E70710 mov eax, dword ptr fs:[00000030h]2_2_00E70710
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F0A8E4 mov eax, dword ptr fs:[00000030h]2_2_00F0A8E4
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C8F9 mov eax, dword ptr fs:[00000030h]2_2_00E7C8F9
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E7C8F9 mov eax, dword ptr fs:[00000030h]2_2_00E7C8F9
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E6E8C0 mov eax, dword ptr fs:[00000030h]2_2_00E6E8C0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00F108C0 mov eax, dword ptr fs:[00000030h]2_2_00F108C0
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E40887 mov eax, dword ptr fs:[00000030h]2_2_00E40887
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECC89D mov eax, dword ptr fs:[00000030h]2_2_00ECC89D
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ED6870 mov eax, dword ptr fs:[00000030h]2_2_00ED6870
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ED6870 mov eax, dword ptr fs:[00000030h]2_2_00ED6870
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECE872 mov eax, dword ptr fs:[00000030h]2_2_00ECE872
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00ECE872 mov eax, dword ptr fs:[00000030h]2_2_00ECE872
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E52840 mov ecx, dword ptr fs:[00000030h]2_2_00E52840
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E70854 mov eax, dword ptr fs:[00000030h]2_2_00E70854
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E44859 mov eax, dword ptr fs:[00000030h]2_2_00E44859
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E44859 mov eax, dword ptr fs:[00000030h]2_2_00E44859
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov eax, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov eax, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov eax, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov ecx, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov eax, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00E62835 mov eax, dword ptr fs:[00000030h]2_2_00E62835
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EE483A mov eax, dword ptr fs:[00000030h]2_2_00EE483A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exeCode function: 2_2_00EE483A mov eax, dword ptr fs:[00000030h]2_2_00EE483A
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Process token adjusted: Debug
                  Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Memory allocated: page read and write | page guard
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Process created: C:\Users\user\Desktop\4N4nldx1wW.exe "C:\Users\user\Desktop\4N4nldx1wW.exe"
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Queries volume information: C:\Users\user\Desktop\4N4nldx1wW.exe VolumeInformation
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\4N4nldx1wW.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 2.2.4N4nldx1wW.exe.730000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 2.2.4N4nldx1wW.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                  Remote Access Functionality

                  Source: Yara match; File source: 2.2.4N4nldx1wW.exe.730000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 2.2.4N4nldx1wW.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 3 Virtualization/Sandbox Evasion | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 3 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                  Source | Detection | Scanner | Label
                  4N4nldx1wW.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                  4N4nldx1wW.exe | 45% | Virustotal |
                  4N4nldx1wW.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://github.com/mgravell/protobuf-net | 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                  https://github.com/mgravell/protobuf-neti | 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                  https://stackoverflow.com/q/14436606/23354 | 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                  https://github.com/mgravell/protobuf-netJ | 4N4nldx1wW.exe, 00000000.00000002.1342151363.0000000003B25000.00000004.00000800.00020000.00000000.sdmp, 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 4N4nldx1wW.exe, 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://stackoverflow.com/q/11564914/23354; | 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                  https://stackoverflow.com/q/2152978/23354 | 4N4nldx1wW.exe, 00000000.00000002.1346699161.00000000054F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                                  No contacted IP infos
                                  Joe Sandbox version:42.0.0 Malachite
                                  Analysis ID:1588606
                                  Start date and time:2025-01-11 03:09:21 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 6m 56s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Run name:Run with higher sleep bypass
                                  Number of analysed new started processes analysed:9
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:4N4nldx1wW.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:9d4e4cb20e3f583a570e84cb53ce9e6ddbdc2920ec1286b45fc75e45f59fedeb.exe
                                  Detection:MAL
                                  Classification:mal80.troj.evad.winEXE@3/0@0/0
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HCA Information:
                                  • Successful, ratio: 85%
                                  • Number of executed functions: 46
                                  • Number of non-executed functions: 269
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                  • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target 4N4nldx1wW.exe, PID 7808 because it is empty
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  No simulations
                                  No context
                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                  s-part-0017.t-0009.t-msedge.net | 1487427797195518826.js | malicious | Strela Downloader | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | 5by4QM3v89.exe | malicious | FormBook | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | uEuTtkxAqq.exe | malicious | AgentTesla | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | 23754232101540928500.js | malicious | Strela Downloader | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | rwlPT9YJt0.exe | malicious | Snake Keylogger | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | CGk5FtIq0N.exe | malicious | FormBook | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | wOBmA8bj8d.exe | malicious | FormBook | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | KtPCqWWnqM.exe | malicious | Unknown | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | kQibsaGS2E.exe | malicious | Unknown | 13.107.246.45
                                  s-part-0017.t-0009.t-msedge.net | 1907125702104121563.js | malicious | Strela Downloader | 13.107.246.45
                                  No created / dropped files found
                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.414030976177266
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Windows Screen Saver (13104/52) 0.07%
                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                  File name:4N4nldx1wW.exe
                                  File size:2'089'984 bytes
                                  MD5:7ca54c459c8a04446a34c74071c0220a
                                  SHA1:88dbf3f1b1deb41e36001def7642a76e17f421f4
                                  SHA256:9d4e4cb20e3f583a570e84cb53ce9e6ddbdc2920ec1286b45fc75e45f59fedeb
                                  SHA512:3917e5154b4911a126e55ffb42a5f9805301ea9a66dc2f4421d1cf6b0310fd3518e5788f4141d8c91147fbe41f0ae69a13fe2d3089e2ac05fea71a4134636514
                                  SSDEEP:24576:K9EoV9Ug4cLrttU+1jJx9yAfpxgN+RJkWSKIraT6gOJ9xoULNNNBKNeS5OU1r:K17/4IAqxQ67Y2JkWSKIO+gO7mN
                                  TLSH:1EA5CE80B7C2AB57E92F673390634625EBB0E4D1A3D7D38F5AA457281C937C8AE054D3
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. .... ...@.. .......................@ ...........`................................
                                  Icon Hash:90cececece8e8eb0
                                  Entrypoint:0x5ff8ce
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x67501B9B [Wed Dec 4 09:06:35 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  Name | Virtual Address | Virtual Size | Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1ff878 | 0x53 | .text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x200000 | 0x5b6 | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x202000 | 0xc | .reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                  .text | 0x2000 | 0x1fd8d4 | 0x1fda00 | 7ecf5d261b36c0e5a230d2718e8e243a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rsrc | 0x200000 | 0x5b6 | 0x600 | da343c2956d3243b940c4d9c5ce6098e | False | 0.4173177083333333 | data | 4.100936228122223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc | 0x202000 | 0xc | 0x200 | 64914ad9214e02762339aa09a4cd9b18 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                  RT_VERSION | 0x2000a0 | 0x32c | data | | | 0.4224137931034483
                                  RT_MANIFEST | 0x2003cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                  DLL | Import
                                  mscoree.dll | _CorExeMain
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Jan 11, 2025 03:10:14.106671095 CET | 1.1.1.1 | 192.168.2.10 | 0x5ec1 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 11, 2025 03:10:14.106671095 CET | 1.1.1.1 | 192.168.2.10 | 0x5ec1 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false


                                  Target ID:0
                                  Start time:21:10:15
                                  Start date:10/01/2025
                                  Path:C:\Users\user\Desktop\4N4nldx1wW.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\4N4nldx1wW.exe"
                                  Imagebase:0x4c0000
                                  File size:2'089'984 bytes
                                  MD5 hash:7CA54C459C8A04446A34C74071C0220A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1346328879.0000000005450000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1329281843.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:true

                                  Target ID:2
                                  Start time:21:10:16
                                  Start date:10/01/2025
                                  Path:C:\Users\user\Desktop\4N4nldx1wW.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\4N4nldx1wW.exe"
                                  Imagebase:0x160000
                                  File size:2'089'984 bytes
                                  MD5 hash:7CA54C459C8A04446A34C74071C0220A
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1964717720.0000000000880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low
                                  Has exited:true

                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction ID: f5bd55239db948dfad8d0b3800b54c5f0849a355483f65f43f856e485328eab8
                                    • Opcode Fuzzy Hash: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction Fuzzy Hash: 5DE06D74D04208EFCB80DFA8D840BADFBF4EB88301F10C0AA9818A3350D7359A01DF40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction ID: de9ebaac214189ed228a0d8ac7a8aea57780d362ee0a4066fa38bfe22bce3f66
                                    • Opcode Fuzzy Hash: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction Fuzzy Hash: 3EE0C975D05208EFCB84DFA8D945AADBBF5EB88300F10C0AA981893350D6359A51DF40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction ID: 3383c133096a453f08084debf06ba4c3183b799cf1b9c48338660c4ca18c59ed
                                    • Opcode Fuzzy Hash: 150709943e7d5a604a243fb273f6a3d24bab1c27cf3e85dbbe0456b22cd4854f
                                    • Instruction Fuzzy Hash: 27E0C975D09208EFDB84DFA8D945AADFBF5EB88300F10C0AA985893350DA359A52DF40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 90249e06e072a12628d4053be00bb6bd704940027191b7678092a7f50a3b71e3
                                    • Instruction ID: c2823986f493ba22931e66054f4f091489126dc1f461c3248391851acd450ad1
                                    • Opcode Fuzzy Hash: 90249e06e072a12628d4053be00bb6bd704940027191b7678092a7f50a3b71e3
                                    • Instruction Fuzzy Hash: 4FE08679909208EBC744DFA4E940A7DBBB8AB95300F1090EAD84457382C7319B51EB94
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 89fd6843e9928156e715309d3a62c60133fdcefaf8791dd577e488b5d17a2ca3
                                    • Instruction ID: 37353f31c949f15299a8843d95d6b78c24ce06fd8c427d7d2fb18afa4f5e0b31
                                    • Opcode Fuzzy Hash: 89fd6843e9928156e715309d3a62c60133fdcefaf8791dd577e488b5d17a2ca3
                                    • Instruction Fuzzy Hash: 7BE0A574980209CBDB14DF94D95A7EDBBB1BB48304F244415D102B62A1C7B58884DF71
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e78b022b6810e21660f86f7c08afdb1451fcfdd47a3e292e83fc9345480fafa3
                                    • Instruction ID: 22a53bddb3a98c6ddf571cada9009e948c987edfaef87d73291b95414e2225ba
                                    • Opcode Fuzzy Hash: e78b022b6810e21660f86f7c08afdb1451fcfdd47a3e292e83fc9345480fafa3
                                    • Instruction Fuzzy Hash: CCE04634D09208EFCB44DFA8D9407ACFBF4EB88200F2080EACC5853381C6359A02EB82
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 64ef27a2bcb3b31b8631c9cfea5f84c6835f8409929a8dbc62a7c1fb6fd960b0
                                    • Instruction ID: cf6aaf44c9cbbcca6fef4032de1acce9857341983cd5c2da1a036b423fa8e8cc
                                    • Opcode Fuzzy Hash: 64ef27a2bcb3b31b8631c9cfea5f84c6835f8409929a8dbc62a7c1fb6fd960b0
                                    • Instruction Fuzzy Hash: 99E08C35909208EBCB04DFA4E944AADBBB9EB85300F1080AADC0423350D7329E52EB84
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d5b691f145a8e30c1948cd41248b7449205962e158b31c6f9ceffd0a1aaa6612
                                    • Instruction ID: c29fa3b18a646dc1fa53b0d27fc678e24e45fe55aac0878700c77ef8d01c3c86
                                    • Opcode Fuzzy Hash: d5b691f145a8e30c1948cd41248b7449205962e158b31c6f9ceffd0a1aaa6612
                                    • Instruction Fuzzy Hash: 04E04F382492809FCB069B35A859A143FF1AB4A11071445DEE886877B6D674981BCB01
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 07e7cbf92c641e19758cdf49e8afc1ff2af91e78e1ded40cb6f1a81241c75dd8
                                    • Instruction ID: 223120d94517ef594d1268e37b15ba6b363b0e6c377dad441b0989e7283304ed
                                    • Opcode Fuzzy Hash: 07e7cbf92c641e19758cdf49e8afc1ff2af91e78e1ded40cb6f1a81241c75dd8
                                    • Instruction Fuzzy Hash: 5CE0C2B180520CEBC740EFB4E50879E77F8EF8A201F0004A6A509D3160EB714A10EBA1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b9d792f65ddd961a1a916b7d27f2d4f3175c8e5fb8435adfbb854e10aa6181e
                                    • Instruction ID: d791fed49a82b4b4ef823d5ae6c9b91da2a478a9c2e725ed5d2869a86b97ccf0
                                    • Opcode Fuzzy Hash: 2b9d792f65ddd961a1a916b7d27f2d4f3175c8e5fb8435adfbb854e10aa6181e
                                    • Instruction Fuzzy Hash: 16E0127250620CDBC741EFF0D90479E77F8EF85210F4044B6D505A3160EA715A40D7A1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cab8bb3d5a5cce1e4c7c55a6531f0f3855c39f63b1e9167c73b83eb32a3a8a6e
                                    • Instruction ID: 0afe70e269961b0e5ca1b603e1706a38a78459c8da957842928aa2148644eb46
                                    • Opcode Fuzzy Hash: cab8bb3d5a5cce1e4c7c55a6531f0f3855c39f63b1e9167c73b83eb32a3a8a6e
                                    • Instruction Fuzzy Hash: CBE0127394520CDBD744EFB4D5047AE77F8EF85210F8044A7D505A3161EE715A4097A6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0bde39e86b018d740ce990bd61532c6c63ba9ab05bd12e804961bd1134f4f1b
                                    • Instruction ID: ccca25c69879a2b4a65308f9686f85cb063c11b787e55952cd9dc892043b18e4
                                    • Opcode Fuzzy Hash: f0bde39e86b018d740ce990bd61532c6c63ba9ab05bd12e804961bd1134f4f1b
                                    • Instruction Fuzzy Hash: F7E0C23490A208DBC704EFA4E94066DBBB5EB89300F1080AAC84917781C7319F42DB80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6fb944b26885e7a422aeba129688f7e5d4e862e8a8da6c86a37f2e5af951e313
                                    • Instruction ID: 920d518f731110e92935a1e22b55c7b2fe351ff95aebc138f546b3ee1c20053b
                                    • Opcode Fuzzy Hash: 6fb944b26885e7a422aeba129688f7e5d4e862e8a8da6c86a37f2e5af951e313
                                    • Instruction Fuzzy Hash: EAF015B8A05118CFDB68DF28DC88E99BBB5FB49304F0841D9A519E7391CA31EE818F10
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0c3340c02fc7d28e4df668f9a7e330a47fd23342cba0ee1074b5a76986f0948e
                                    • Instruction ID: 3a56a24b5dc43b4cea7ea372e55b08b6f8088a623d75f5313042f07e9a2561ac
                                    • Opcode Fuzzy Hash: 0c3340c02fc7d28e4df668f9a7e330a47fd23342cba0ee1074b5a76986f0948e
                                    • Instruction Fuzzy Hash: CBC08C2004520883D1903BF0B60D33C32A87B91215F440022E20C000A4CF785450D67A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ddce1350ecc63b11531223a19561e03c3eaf59f39d12dba68452c3cb68515295
                                    • Instruction ID: ee42e30c4f1e59f29c6280ac3ea02853cf278c37d82a84ca807ef58cf9351d27
                                    • Opcode Fuzzy Hash: ddce1350ecc63b11531223a19561e03c3eaf59f39d12dba68452c3cb68515295
                                    • Instruction Fuzzy Hash: DCB0928180D2804FCB168222682A5503FA0199210DB8E00EA4C819528BF0DE9C6B4212
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a0ffa4d23373a577817c8f68de6e788c4d20c84633ab7a22f92b4ddf45330dd7
                                    • Instruction ID: f21e12dc4378f3be40110f0ec6bce2e8281549798d1161d43e715d8cd83735bd
                                    • Opcode Fuzzy Hash: a0ffa4d23373a577817c8f68de6e788c4d20c84633ab7a22f92b4ddf45330dd7
                                    • Instruction Fuzzy Hash: 8CA1D270D05228CFEB64DF2AD9587ADBBF2FB89300F1081EAC40DA6250DBB45A85DF11
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: add587eb85c5f375ac66dbca8c5c71d2c7dc156bd308af8c886793042417996f
                                    • Instruction ID: 42691b291c39f56d0493fd0821f3f562912db3ac1c61869f5358289e81cfdd27
                                    • Opcode Fuzzy Hash: add587eb85c5f375ac66dbca8c5c71d2c7dc156bd308af8c886793042417996f
                                    • Instruction Fuzzy Hash: 9C715D75A012058FDB09EF6AE85478EBBF2FFC9304F14C02AD006AB265EF71590A8F51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1328558448.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d40000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 72dc328d22da2a6ca804eda88f7fe695bd673bb3768fac350ad9d4467c72c808
                                    • Instruction ID: 077991c0b112e68877df6049d51b9d8095d301f33d6edf9a8d826c51199c00d6
                                    • Opcode Fuzzy Hash: 72dc328d22da2a6ca804eda88f7fe695bd673bb3768fac350ad9d4467c72c808
                                    • Instruction Fuzzy Hash: 2E713C75A012058FDB08EF6AE85478EBBF2FFC9304F14C02AD006AB265EF71591A8F51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8962601ba2f14279250099ec8d5d06202cea5c9f514322698433b3e27dfedd46
                                    • Instruction ID: b06ad5890ee98af09715d2e10ff4a09b6fb92641d498de5b3e43ec51d9a490b9
                                    • Opcode Fuzzy Hash: 8962601ba2f14279250099ec8d5d06202cea5c9f514322698433b3e27dfedd46
                                    • Instruction Fuzzy Hash: D041E8B0E05629CBEF6CCF26DD487DAB6F6BB88300F00C1EAD51DA6254DB745A858F01
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1349003024.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5d90000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b47887c327c2b680642db34ee63ccdfc20e1dde3e38f5a35599acf331aeb973
                                    • Instruction ID: dd9e44c5df27fd33317a5d8cffc81a847c7aebbfe702c4972ecde946efc47638
                                    • Opcode Fuzzy Hash: 6b47887c327c2b680642db34ee63ccdfc20e1dde3e38f5a35599acf331aeb973
                                    • Instruction Fuzzy Hash: 6A311971D097558FEB29CF3A9848399BBF2AF85300F05C0EAD44CA6256EB740A85CF11

                                    Execution Graph

                                    Execution Coverage:0.8%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:9.6%
                                    Total number of Nodes:115
                                    Total number of Limit Nodes:11

                                    Control-flow Graph

                                    control_flow_graph 45 747b33-747b5c call 75f763 48 747b62-747b70 call 75fd63 45->48 49 747b5e-747b61 45->49 52 747b80-747b91 call 75e203 48->52 53 747b72-747b7d call 760003 48->53 58 747b93-747ba7 LdrLoadDll 52->58 59 747baa-747bad 52->59 53->52 58->59
                                    APIs
                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00747BA5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_730000_4N4nldx1wW.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Load
                                    • String ID:
                                    • API String ID: 2234796835-0

                                    Control-flow Graph

                                    control_flow_graph 65 75cac3-75cafc call 734823 call 75dcf3 NtClose
                                    APIs
                                    • NtClose.NTDLL(?,ft@,001F0001,?,00000000,?,?,00000104), ref: 0075CAF7
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_730000_4N4nldx1wW.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0

                                    Control-flow Graph

                                    control_flow_graph 79 e82b60-e82b6c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0

                                    Control-flow Graph

                                    control_flow_graph 80 e82c70-e82c7c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: b70aaecc12e50f26f4dbec40330433c60851f3bbd0c1c5ba50002d48823cfb8e
                                    • Instruction ID: 85d3ee78ee1a53f9760394782a259203fdcfc4ae2a6999b3797c56cfaf80f4e3
                                    • Opcode Fuzzy Hash: b70aaecc12e50f26f4dbec40330433c60851f3bbd0c1c5ba50002d48823cfb8e
                                    • Instruction Fuzzy Hash: 0E90023120148802D6507158850574A000587D1301F59D422A4429659D8AD589917125

                                    Control-flow Graph

                                    control_flow_graph 81 e82df0-e82dfc LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 89f383fa4f3cc027825f76536abccbfd0f1913bf9a8106125e8d3ce82666ebac
                                    • Instruction ID: b5020e93d3c3898223087d6999c2c49dc61ca24580c4ca34f95be3de29ffe557
                                    • Opcode Fuzzy Hash: 89f383fa4f3cc027825f76536abccbfd0f1913bf9a8106125e8d3ce82666ebac
                                    • Instruction Fuzzy Hash: 6390023120140413D65171584605707000987D1341F95D423A0429559D9A968A52A125

                                    Control-flow Graph

                                    control_flow_graph 82 e835c0-e835cc LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: df707c1f7d4bfbee4de8270c5eebdb8285e5303a52dd4c331fdd8cb428c17bf2
                                    • Instruction ID: 7419937ecf328d99812fe263b7fb79fbaea19bbf5b959cd5c8a01509ea286edf
                                    • Opcode Fuzzy Hash: df707c1f7d4bfbee4de8270c5eebdb8285e5303a52dd4c331fdd8cb428c17bf2
                                    • Instruction Fuzzy Hash: EA90023160550402D64071584615706100587D1301F65D422A0429569D8BD58A5165A6

                                    Control-flow Graph

                                    control_flow_graph 0 75ce33-75ce77 call 734823 call 75dcf3 RtlFreeHeap
                                    APIs
                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0075CE72
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_730000_4N4nldx1wW.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeHeap
                                    • String ID: wht
                                    • API String ID: 3298025750-1421079373
                                    • Opcode ID: 63ba2baab76ca0d8a404cdf01b5c6ca733275052b2a601c3217dd89653889608
                                    • Instruction ID: ce507c07e37928a096e288a5a9669bfa13babc9287551cc048a380770cf20a0a
                                    • Opcode Fuzzy Hash: 63ba2baab76ca0d8a404cdf01b5c6ca733275052b2a601c3217dd89653889608
                                    • Instruction Fuzzy Hash: C8E06D72600245BBD624EE58DC55EEB33ADEF89711F000418F908A7242C674BD1086F4

                                    Control-flow Graph

                                    control_flow_graph 60 75cde3-75ce27 call 734823 call 75dcf3 RtlAllocateHeap
                                    APIs
                                    • RtlAllocateHeap.NTDLL(?,0074E92E,?,?,00000000,?,0074E92E,?,?,?), ref: 0075CE22
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_730000_4N4nldx1wW.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: d4c667b25b8bd2f1b48aa472ffa5a0580f57fc222fd4daf869abff034f0141c6
                                    • Instruction ID: e5949759254fd95b3d1059b28ce088977ae40069e33ef34b7c5e1050535b5472
                                    • Opcode Fuzzy Hash: d4c667b25b8bd2f1b48aa472ffa5a0580f57fc222fd4daf869abff034f0141c6
                                    • Instruction Fuzzy Hash: CEE06D72600245BBD614EE59DC45FEB77ACEF89710F004019F908A7242C670B9118BB4

                                    Control-flow Graph

                                    control_flow_graph 70 75ce83-75cebc call 734823 call 75dcf3 ExitProcess
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1964444469.0000000000730000.00000040.00000400.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_730000_4N4nldx1wW.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExitProcess
                                    • String ID:
                                    • API String ID: 621844428-0
                                    • Opcode ID: 12bedb65436693dad92356836a585007b63e299c9c51b7fbc10430019feb2a8f
                                    • Instruction ID: 860e9164d2365e23dc23ca9eafb6e47484a7cfc578e5cf040573dd7e3eb39712
                                    • Opcode Fuzzy Hash: 12bedb65436693dad92356836a585007b63e299c9c51b7fbc10430019feb2a8f
                                    • Instruction Fuzzy Hash: A4E04F36200604BBD220AA59DC11FD7775CEBC5765F004015FF0867142C6B0BA1186F0

                                    Control-flow Graph

                                    control_flow_graph 75 e82c0a-e82c0f 76 e82c1f-e82c26 LdrInitializeThunk 75->76 77 e82c11-e82c18 75->77
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 2ad7d8de07e164cdeab9aaa3021ffedb39f145a5802040141513290090aae4b8
                                    • Instruction ID: b485d3cda7771a84b3d6e95d860d8815f291c2be0f06a90920970987533fc9c0
                                    • Opcode Fuzzy Hash: 2ad7d8de07e164cdeab9aaa3021ffedb39f145a5802040141513290090aae4b8
                                    • Instruction Fuzzy Hash: 8CB09B719015C5C5DF51F760470971B790067D1705F15D076D3075646E4778C5D1F275
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-2160512332
                                    • Opcode ID: 8da77809ce9dadfd6309c4687c71491bc202c85778de9ed2fb31d6286998165c
                                    • Instruction ID: 37cbc72a6a84ffe458d50efb4b460c07d869983fc05f7f8149bf4df6e4a89734
                                    • Opcode Fuzzy Hash: 8da77809ce9dadfd6309c4687c71491bc202c85778de9ed2fb31d6286998165c
                                    • Instruction Fuzzy Hash: 1092AA71608341AFE724DF24C981F6BB7E8BB84714F04682DFA94E7291D771E846CB92
                                    Strings
                                    • Critical section address., xrefs: 00EB5502
                                    • Invalid debug info address of this critical section, xrefs: 00EB54B6
                                    • Critical section address, xrefs: 00EB5425, 00EB54BC, 00EB5534
                                    • double initialized or corrupted critical section, xrefs: 00EB5508
                                    • 8, xrefs: 00EB52E3
                                    • Critical section debug info address, xrefs: 00EB541F, 00EB552E
                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00EB540A, 00EB5496, 00EB5519
                                    • corrupted critical section, xrefs: 00EB54C2
                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00EB54E2
                                    • Thread is in a state in which it cannot own a critical section, xrefs: 00EB5543
                                    • Address of the debug info found in the active list., xrefs: 00EB54AE, 00EB54FA
                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00EB54CE
                                    • undeleted critical section in freed memory, xrefs: 00EB542B
                                    • Thread identifier, xrefs: 00EB553A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                    • API String ID: 0-2368682639
                                    • Opcode ID: 883ee7808dd326db189abf9a5fe9d4a749a63773f7dd56b13ce5d93ec5beda4d
                                    • Instruction ID: 1a4bcf58ddd7c4ef4bbdef77bf427e24d8676a567b17dc6e9c16282207a9f784
                                    • Opcode Fuzzy Hash: 883ee7808dd326db189abf9a5fe9d4a749a63773f7dd56b13ce5d93ec5beda4d
                                    • Instruction Fuzzy Hash: A8819CB1A41758AFEB20CF94D945BEEBBF5BB08B14F20A119F508B7290D7B5AD40CB50
                                    Strings
                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00EB22E4
                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00EB2409
                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00EB2412
                                    • @, xrefs: 00EB259B
                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00EB25EB
                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00EB2498
                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00EB2624
                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00EB2602
                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 00EB261F
                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00EB24C0
                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00EB2506
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                    • API String ID: 0-4009184096
                                    • Opcode ID: 75181bd09d0667c341cbaed185f1446acda91e153878f7b01b59ca713b97d47a
                                    • Instruction ID: 771fc1e8bfb1ac11b84a641e6be5c680f1ee7bf442b8a69edaafc2a14855ad51
                                    • Opcode Fuzzy Hash: 75181bd09d0667c341cbaed185f1446acda91e153878f7b01b59ca713b97d47a
                                    • Instruction Fuzzy Hash: ED024CB19042289BDB21DB14CD81BDEB7B8AF54304F0061EEA74DB7251EB71AE84CF59
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                    • API String ID: 0-2515994595
                                    • Opcode ID: 780fbccef1cd4e01772d0e470aee035beb9ff5e70c86bfcc2bd536a86c71ec31
                                    • Instruction ID: 39e01fc2521379ee299aa0de9daccd0f4ac4b729f97e7008bc11e23737dd6bf5
                                    • Opcode Fuzzy Hash: 780fbccef1cd4e01772d0e470aee035beb9ff5e70c86bfcc2bd536a86c71ec31
                                    • Instruction Fuzzy Hash: 1C51E2711083999BC328DF198945BABB7ECEF84744F24591DF89DE3280EB70D944C7A2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                    • API String ID: 0-1700792311
                                    • Opcode ID: 31e41659d7c4ffbe56d8ae9e26bfd2e7cea2262ea83c962f8cd913da544826c2
                                    • Instruction ID: 66ef662a2e56e6622d4e249d45a79da7badf93bdb05c4a59a4de63cb49a4cdbe
                                    • Opcode Fuzzy Hash: 31e41659d7c4ffbe56d8ae9e26bfd2e7cea2262ea83c962f8cd913da544826c2
                                    • Instruction Fuzzy Hash: FDD1E031600689DFCB21DF68C446AB9BBF2FF49714F09A059E645BB663C735E980DB10
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T$`V${
                                    • API String ID: 0-2184846227
                                    • Opcode ID: a4f62d075af2201aef9410aec41cc409d8955c18b7d0836c06e30470ab8a475b
                                    • Instruction ID: b0fee404d4cff680c946b97acc37af3a44e802babbbea2282c57caae563eb7bc
                                    • Opcode Fuzzy Hash: a4f62d075af2201aef9410aec41cc409d8955c18b7d0836c06e30470ab8a475b
                                    • Instruction Fuzzy Hash: 02A24BB0A056298FDB64DF14D8887A9B7B1BF89704F2452E9D41DBB391DB70AE85CF00
                                    Strings
                                    • AVRF: -*- final list of providers -*- , xrefs: 00EC8B8F
                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00EC8A3D
                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00EC8A67
                                    • VerifierFlags, xrefs: 00EC8C50
                                    • VerifierDlls, xrefs: 00EC8CBD
                                    • VerifierDebug, xrefs: 00EC8CA5
                                    • HandleTraces, xrefs: 00EC8C8F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                    • API String ID: 0-3223716464
                                    • Opcode ID: a62137883105774e111670fc78f47074974aa2098c3aee914e682c6e81940de3
                                    • Instruction ID: 951f94569deb4fccc6b03927fb382ffbd3dfdc3c5f5bbb5a8c97b78ef5a9552e
                                    • Opcode Fuzzy Hash: a62137883105774e111670fc78f47074974aa2098c3aee914e682c6e81940de3
                                    • Instruction Fuzzy Hash: 059165B1644714AFC711DF289B81F5BB7E9AB80B24F05285CF9817B292CB72DC02D791
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-792281065
                                    • Opcode ID: 6ccd83ffaf6149f7d770cd116e31c1b38b7268750e6d66a9489619f7a17f0cb8
                                    • Instruction ID: ec78ede85463aa7d079928a2514cfd1986d744b66fb90aedbb3b9f90751f3a81
                                    • Opcode Fuzzy Hash: 6ccd83ffaf6149f7d770cd116e31c1b38b7268750e6d66a9489619f7a17f0cb8
                                    • Instruction Fuzzy Hash: A89159B0A05B14ABDB28DF14EC45BEA37E1BF41B2CF146029F9187B2D2E7748841E791
                                    Strings
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00E99A11, 00E99A3A
                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00E99A2A
                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00E99A01
                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00E999ED
                                    • apphelp.dll, xrefs: 00E36496
                                    • LdrpInitShimEngine, xrefs: 00E999F4, 00E99A07, 00E99A30
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-204845295
                                    • Opcode ID: a8d99fb8ed7e03d9cd7b0b1a38eff0aaf33ef78467ab2b07bf08289a6bba367e
                                    • Instruction ID: 5e0be57868659760e94e25d9c7842841273b77827565066e991b44f62de10af4
                                    • Opcode Fuzzy Hash: a8d99fb8ed7e03d9cd7b0b1a38eff0aaf33ef78467ab2b07bf08289a6bba367e
                                    • Instruction Fuzzy Hash: C5510371208304AFD724DF24DC46BAB7BE9EB84754F00692DF585BB2A2D770E904DB92
                                    Strings
                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 00EB81E5
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00E7C6C3
                                    • minkernel\ntdll\ldrredirect.c, xrefs: 00EB8181, 00EB81F5
                                    • LdrpInitializeImportRedirection, xrefs: 00EB8177, 00EB81EB
                                    • Loading import redirection DLL: '%wZ', xrefs: 00EB8170
                                    • LdrpInitializeProcess, xrefs: 00E7C6C4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                    • API String ID: 0-475462383
                                    • Opcode ID: c0357316899a7f0acad30f7db4bb944f55c21fecb8ceed6ee6520ef9813fe24e
                                    • Instruction ID: 18aef2155d632137b93fbb53cbbc307bd68cec671619e96e8eb7b81078a2224d
                                    • Opcode Fuzzy Hash: c0357316899a7f0acad30f7db4bb944f55c21fecb8ceed6ee6520ef9813fe24e
                                    • Instruction Fuzzy Hash: 6C312971645315AFC214EF68DD46E5B77D9EF80B14F04155CF888BB392D620DD04CBA2
                                    Strings
                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00EB2178
                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00EB219F
                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00EB21BF
                                    • RtlGetAssemblyStorageRoot, xrefs: 00EB2160, 00EB219A, 00EB21BA
                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00EB2180
                                    • SXS: %s() passed the empty activation context, xrefs: 00EB2165
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                    • API String ID: 0-861424205
                                    • Opcode ID: 379b2420950458698e385acf1db9a3b8266d23aeac6e9935cd6726a0b15d8bba
                                    • Instruction ID: 04c8e6494cb908b2831869e030c9d0c9ab66ede894ad27ffc7665305aea05718
                                    • Opcode Fuzzy Hash: 379b2420950458698e385acf1db9a3b8266d23aeac6e9935cd6726a0b15d8bba
                                    • Instruction Fuzzy Hash: 73310732B41334B7EB298A999C46F9B76B9DF54B54F05A06DFB08BB241D2709E01C6A0
                                    APIs
                                      • Part of subcall function 00E82DF0: LdrInitializeThunk.NTDLL ref: 00E82DFA
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E80BA3
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E80BB6
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E80D60
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E80D74
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                    • String ID:
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                    Strings
                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00E7855E
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00E78421
                                    • @, xrefs: 00E78591
                                    • LdrpInitializeProcess, xrefs: 00E78422
                                    Similarity
                                    • API ID:
                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                    Strings
                                    • .Local, xrefs: 00E728D8
                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00EB22B6
                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00EB21D9, 00EB22B1
                                    • SXS: %s() passed the empty activation context, xrefs: 00EB21DE
                                    Similarity
                                    • API ID:
                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                    Strings
                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00EB3437
                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00EB3456
                                    • RtlDeactivateActivationContext, xrefs: 00EB3425, 00EB3432, 00EB3451
                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00EB342A
                                    Similarity
                                    • API ID:
                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                    Strings
                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00EA1028
                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00EA0FE5
                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00EA106B
                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00EA10AE
                                    Similarity
                                    • API ID:
                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                    Strings
                                    • LdrpDynamicShimModule, xrefs: 00EAA998
                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00EAA992
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00EAA9A2
                                    • TG, xrefs: 00E62462
                                    Similarity
                                    • API ID:
                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG$minkernel\ntdll\ldrinit.c
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: $@
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: FilterFullPath$UseFilter$\??\
                                    Strings
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00EAA121
                                    • Failed to allocated memory for shimmed module list, xrefs: 00EAA10F
                                    • LdrpCheckModule, xrefs: 00EAA117
                                    Similarity
                                    • API ID:
                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                    Strings
                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 00EB82DE
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00EB82E8
                                    • Failed to reallocate the system dirs string !, xrefs: 00EB82D7
                                    Similarity
                                    • API ID:
                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                    Strings
                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00EFC1C5
                                    • PreferredUILanguages, xrefs: 00EFC212
                                    • @, xrefs: 00EFC1F1
                                    Similarity
                                    • API ID:
                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                    Strings
                                    • LdrpCheckRedirection, xrefs: 00EC488F
                                    • minkernel\ntdll\ldrredirect.c, xrefs: 00EC4899
                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00EC4888
                                    Similarity
                                    • API ID:
                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: PS$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                    Strings
                                    • minkernel\ntdll\ldrinit.c, xrefs: 00EC2104
                                    • LdrpInitializationFailure, xrefs: 00EC20FA
                                    • Process initialization failed with status 0x%08lx, xrefs: 00EC20F3
                                    Similarity
                                    • API ID:
                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: #%u
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: MUI$\U
                                    Strings
                                    • LdrResSearchResource Exit, xrefs: 00E4AA25
                                    • LdrResSearchResource Enter, xrefs: 00E4AA13
                                    Similarity
                                    • API ID:
                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: `$`
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: Legacy$UEFI
                                    • API String ID: 2994545307-634100481
                                    • API ID:
                                    • String ID: @$MUI
                                    • API String ID: 0-17815947
                                    Strings
                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00E4063D
                                    • kLsE, xrefs: 00E40540
                                    • API ID:
                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                    • API String ID: 0-2547482624
                                    • API ID: InitializeThunk
                                    • String ID: Cleanup Group$Threadpool!
                                    • API String ID: 2994545307-4008356553
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • API ID:
                                    • String ID: GlobalTags
                                    • API String ID: 0-1106856819
                                    • API ID:
                                    • String ID: .mui
                                    • API String ID: 0-1199573805
                                    • API ID:
                                    • String ID: EXT-
                                    • API String ID: 0-1948896318
                                    • API ID:
                                    • String ID: BinaryHash
                                    • API String ID: 0-2202222882
                                    • API ID:
                                    • String ID: #
                                    • API String ID: 0-1885708031
                                    • API ID:
                                    • String ID: %
                                    • API String ID: 0-2291192146
                                    • API ID:
                                    • String ID: BinaryName
                                    • API String ID: 0-215506332
                                    • API ID:
                                    • String ID: P
                                    • API String ID: 0-707820851
                                    Strings
                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00EC895E
                                    • API ID:
                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                    • API String ID: 0-702105204
                                    • Instruction ID: 06203bfbe011912660f802296abe257e16a412e71d01360ec63cb77a00c500f8
                                    • Opcode Fuzzy Hash: 6d85faa8be426c9ccf72a8c94af8e82dd6066d896e15218d34838488c34b355b
                                    • Instruction Fuzzy Hash: 8CA1ED72A00611AFC711DF24C981BAAB7E9FF88764F14092CF589EB251C334ED81DB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                    • Instruction ID: 8a4b45256b3f30c0bc73c64efb7c13a63513daf7797db95367a3c01e38e6cecd
                                    • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                    • Instruction Fuzzy Hash: 19B11571E0061ADFDF68CFA9C880AEDB7B5BF88320F148169E914A7354D730AD95DB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c7f1c3495ad5cce893488d383118ea65ffadb0714fb05b841804a2e91983a139
                                    • Instruction ID: cf5d8c7883a291f600f9005f1d9e69f05f8d49b8a74420883d16569d0076643c
                                    • Opcode Fuzzy Hash: c7f1c3495ad5cce893488d383118ea65ffadb0714fb05b841804a2e91983a139
                                    • Instruction Fuzzy Hash: 5491BE71E00225AFCF15CFA8D980FAFBBB5AB48710F14516DE610BB251D735EE029BA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7282dec573baa40dc485641e144235cade4faef875fd277d7b3321c87906564b
                                    • Instruction ID: 774cc862988495f0e439630196758ac50f7c95f8e4d5f869ccb58b7c5a3f00c5
                                    • Opcode Fuzzy Hash: 7282dec573baa40dc485641e144235cade4faef875fd277d7b3321c87906564b
                                    • Instruction Fuzzy Hash: E6914831A002159BD728DB68C441BBE77E2EF89719F15A869EC05FF381E634EE05C751
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 367ff7f31166656841089088695cfbb5a03e17117fc05762a1c2b1c715a061a2
                                    • Instruction ID: b090b379a8459b16dcc2fd115ad6b46bd6fc04d8b3c250540533c938882a0edd
                                    • Opcode Fuzzy Hash: 367ff7f31166656841089088695cfbb5a03e17117fc05762a1c2b1c715a061a2
                                    • Instruction Fuzzy Hash: 7581A0B1A0061A9FDF18DFA9C940ABEBBF9FB48704F10952EE455E7640E734D940CBA4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                    • Instruction ID: 068b35da4846088b1b4b2de82088555d2de53a19b39337b479c2837595c01cbc
                                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                    • Instruction Fuzzy Hash: 78817071A103099FDF18CF58C890AAEB7F2BF84310F158169E816AB385DB74ED01EB51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c905c816b3dc0cb575fd8efd99083e13a107da41955bb0fcc6b59e2e8a054283
                                    • Instruction ID: 4bbad0c1ed2e23479420145cef63f915910feda81be49048e240fdacbd2bfd65
                                    • Opcode Fuzzy Hash: c905c816b3dc0cb575fd8efd99083e13a107da41955bb0fcc6b59e2e8a054283
                                    • Instruction Fuzzy Hash: 94817C71A00609AFDB25DFA4C880AEEB7FAFF48354F109429E559B7350DB30AC45CB60
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e743f47ffed654b7532cc3b9cfb4470fd90ff482b65e6527efa5a32f2b527f3
                                    • Instruction ID: 610820215684b7f0dd5facc112f9a83b591a7cda7efe7124dd114a1599a70dc5
                                    • Opcode Fuzzy Hash: 0e743f47ffed654b7532cc3b9cfb4470fd90ff482b65e6527efa5a32f2b527f3
                                    • Instruction Fuzzy Hash: 0171ED75C01229DFCB258F68D9A07BEBBB5FF5D710F24651AE842BB290D770A804CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d200934def841701177c7bf3d08530e13c45aad42e67caa94a81d4f83ea77e86
                                    • Instruction ID: 028cf59b2d49f58eba4f32a8b4aa40be4623d388efbafdb72a1f1911c40c5e06
                                    • Opcode Fuzzy Hash: d200934def841701177c7bf3d08530e13c45aad42e67caa94a81d4f83ea77e86
                                    • Instruction Fuzzy Hash: B071A1B1A0060CEFCB10DF95D941AABBBF9EF84324F10A15AE608F72A5D7718D00DB64
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 607c94a8ba54eabe0e8806faa847150246674c1ec14e82c7c75054e7b3a20572
                                    • Instruction ID: 2886a11c7d0738a2d808b2b513434bcd21cbf4dbf3ab2990606653700645ac03
                                    • Opcode Fuzzy Hash: 607c94a8ba54eabe0e8806faa847150246674c1ec14e82c7c75054e7b3a20572
                                    • Instruction Fuzzy Hash: 0D71E2316042418FC311DF28C480B6AB7E5FF8A315F0899AAFD58AB352DB74EC49CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a1d3448786159ea6cd84907e3d13c2c868b81708e6ed8b08be36234d2dcd8bb6
                                    • Instruction ID: e438792f25c3793e07304887ae09a4e56ae5398476b6f21343084d62c9c4ae60
                                    • Opcode Fuzzy Hash: a1d3448786159ea6cd84907e3d13c2c868b81708e6ed8b08be36234d2dcd8bb6
                                    • Instruction Fuzzy Hash: 74710132200B00AFD7319F14C845F5AB7F5FF80724F15582AE66AAB3A1D775E946CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                    • Instruction ID: df814630a5f022d7ffccb507fa9b84eeb94efdd0f3d42d77494925457734142c
                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                    • Instruction Fuzzy Hash: 3F716B71A00609EFCB10DFA5CA85FAEBBF8FF48700F144569E905B7251DB35AA06CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9399bdcb466dcfd3d30d914b624cd1a3250bbf660ff75766b73ce03c9122a7bd
                                    • Instruction ID: e558fbe8fd3a319e44913ed25d5334d59ee1a43173d00b77c04b227a32da8b34
                                    • Opcode Fuzzy Hash: 9399bdcb466dcfd3d30d914b624cd1a3250bbf660ff75766b73ce03c9122a7bd
                                    • Instruction Fuzzy Hash: EC818072A043158FCB14CFA8E580BADB7B2EB49328F19616DD9007F2A1C774BD41DBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 75201eba0bd4f8f3a09ffe467e1b006577149aa44fca7e8640b31b7c70b66e8f
                                    • Instruction ID: d1cd39457e0ce1c491cfc17e37df32528d89decee57c937b9c372c84c732a87f
                                    • Opcode Fuzzy Hash: 75201eba0bd4f8f3a09ffe467e1b006577149aa44fca7e8640b31b7c70b66e8f
                                    • Instruction Fuzzy Hash: 37713B72E00209AFDF15DF94C941FEEBBB9FB047A0F104119F625B6290DB74AA45DB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8fb416ffe87a8c5b0fb45041a2412b5b436e52194338338811c3304b00617327
                                    • Instruction ID: bdc9c3c058ef8a860e24b950d5c5b08accdc4a7db734140111cb7aa8ccdbcc1a
                                    • Opcode Fuzzy Hash: 8fb416ffe87a8c5b0fb45041a2412b5b436e52194338338811c3304b00617327
                                    • Instruction Fuzzy Hash: DB51FFB2504616AFD311DE68C884E6BB7E9EBC4710F045939BB98EB150E770ED04C7A3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 803e51f11fcbc06cde63f1b92a9103313f3820dc0c6a1866a9cf475234528f7d
                                    • Instruction ID: 818056ce915a363311a82255ded98c41e6f36df8b90d2d850ee95c03f5de21a2
                                    • Opcode Fuzzy Hash: 803e51f11fcbc06cde63f1b92a9103313f3820dc0c6a1866a9cf475234528f7d
                                    • Instruction Fuzzy Hash: 2251F1309007499FD721CF56C980AABFBF8FF94714F20561EE1AA676E1CBB0A940CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 463f7c5c9db9fdd072f9e1e4be9b6527d8203d8723225fee73bf3eb046c8961d
                                    • Instruction ID: b60c621c635aadc2569da34adea031a86d452936de80f521529cc5747505d436
                                    • Opcode Fuzzy Hash: 463f7c5c9db9fdd072f9e1e4be9b6527d8203d8723225fee73bf3eb046c8961d
                                    • Instruction Fuzzy Hash: BD517C71200A05DFCB21EF64C980EAAB3F9FF08788F515869E659A7261D734EE44DB60
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 19abab3ec65e94f26a25fb38f1e71f05832927c0e502981447b78f070134e8d3
                                    • Instruction ID: 7b562292dbb20ef7848747dfbe1e7be3d6c4da4114c1ca0dcbabf4d0e3815e8e
                                    • Opcode Fuzzy Hash: 19abab3ec65e94f26a25fb38f1e71f05832927c0e502981447b78f070134e8d3
                                    • Instruction Fuzzy Hash: E55178B16083898FC754DF2AD881A6BB7E5BFC8308F44592DF489E7290EB30D905CB52
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                    • Instruction ID: 5758df15fd2c678d1bad948893f5de4b16e01c4d3d84f747d137eb308a15401e
                                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                    • Instruction Fuzzy Hash: EE51ADB1E4021EABCF15DF94D441BEEBBB5AF49394F04506AE901BB281D734EE44CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                    • Instruction ID: cafdfe7cd22bfd94415da2d60a5d0c760d10efcbe5553015fc263a9dfaee7328
                                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                    • Instruction Fuzzy Hash: 6B51A231D00219AFDF209A90CA85FBEB7B5AF00328F25566DE91677391D7329E428B90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 05274a4c0608c0395ef32076c20578e9e451e50ee989b7c9d765bfc2ad22dd2b
                                    • Instruction ID: fffaca694fa320cdf10997fe32249516cbfdcd5847e8cd38bd73a7506193f4b9
                                    • Opcode Fuzzy Hash: 05274a4c0608c0395ef32076c20578e9e451e50ee989b7c9d765bfc2ad22dd2b
                                    • Instruction Fuzzy Hash: CB41C4B1B016119BD729DB29C895B7BB7AAAFC07B0F148119F895872C1DF34DC02F6A1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 37fc717bda6031e0143fd13b50af872b837ef68ef1d90b7b74e50bd354b97179
                                    • Instruction ID: b4b14029608dd44bc758f90007cb518f722eb56418e49a77cbad02786cb059cd
                                    • Opcode Fuzzy Hash: 37fc717bda6031e0143fd13b50af872b837ef68ef1d90b7b74e50bd354b97179
                                    • Instruction Fuzzy Hash: A2517E71900219EFCB20DF68CA80E9EBBF5FF49358B259529E51AB7301D731AD42CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bca8a130c8c01de86d9de9facb682d36eca5f3f5f86b85e437ae39d94f883cff
                                    • Instruction ID: 1de187050dfaf61cbda35a743820223e50c15c7c57f7edc7083639c817f63064
                                    • Opcode Fuzzy Hash: bca8a130c8c01de86d9de9facb682d36eca5f3f5f86b85e437ae39d94f883cff
                                    • Instruction Fuzzy Hash: 7E41B371744604ABCB14AF689882BAF37A6AB85718F05607DFE0ABB252D7E1DC009751
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                    • Instruction ID: dd7069103de1730e64bd6add085202e4e60710e07cec2612b2c9e41eaf3a62ac
                                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                    • Instruction Fuzzy Hash: 8D41E672B047169FC725CF24C980A6AB7E9FF80310B05462EF952872C1EB34ED18E792
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b3a6d0707193388cb4c675b6ed20db3488dca695896c92c53c91455b28574b9
                                    • Instruction ID: 2d2fcf310af5bf8b048b6ada5bf06ebf06741ad85d0d605e909e7ef11cc5c86e
                                    • Opcode Fuzzy Hash: 8b3a6d0707193388cb4c675b6ed20db3488dca695896c92c53c91455b28574b9
                                    • Instruction Fuzzy Hash: 8341BD36A00219DBCB14DFA8C440AEEF7B5BF48714F24A16AE819F7252E7359D41CBA4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b71600d066fbcfd88bef9258d6c168f80e7843df6533fdd569a78d5d9e8b985e
                                    • Instruction ID: 9f335c2df1d6290c789189b908f3637c03913ece101d124ba6124662989bdd0b
                                    • Opcode Fuzzy Hash: b71600d066fbcfd88bef9258d6c168f80e7843df6533fdd569a78d5d9e8b985e
                                    • Instruction Fuzzy Hash: FB41DF712003019FDB20DF64D880A6BB7E9FF89368F10683DE956E7352EB31E8489B51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                    • Instruction ID: 7bfcef7b84fbc06b8ff6eb01d17b66984112a35bfca7e84afcf7e7e0e61bbdbd
                                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                    • Instruction Fuzzy Hash: 0B515B75A00219DFCB14CF98C580AAEF7F2FF85714F2891A9D865A7350D770AE42CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0da4dfc37707df2bd6da6396046f4eef005bc969cb6b82064835f7df4808eb87
                                    • Instruction ID: 621f730800a292f9128a1def72f9076b8e9e460d3af648cb9558b13f52961867
                                    • Opcode Fuzzy Hash: 0da4dfc37707df2bd6da6396046f4eef005bc969cb6b82064835f7df4808eb87
                                    • Instruction Fuzzy Hash: 98512770900116EBCB25CB64DC01BE8B7F1EF0A318F1492A9E529BB2E2D774AD81DF45
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd9f9177f171b350b03872f432da6d45a91e7a8e4d9111255c0a9f4ef71c57a1
                                    • Instruction ID: 5bb181f4da2ec75b7fd14e41b4436bd377f81bc9bf89300122ea719c83167b55
                                    • Opcode Fuzzy Hash: bd9f9177f171b350b03872f432da6d45a91e7a8e4d9111255c0a9f4ef71c57a1
                                    • Instruction Fuzzy Hash: E7418F71A00228DBCF21DF64D981BEEB7B8EF45750F0515A5EA08BB241D7749E84CF91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                    • Instruction ID: 43628fe6541b6684a87de26b603f0ab408e538962b45b01e005641b1c4120f8e
                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                    • Instruction Fuzzy Hash: 3341E531F00215ABDB14DB95CC81AAFB7BAAF84390F254069E880A7381DE70DD02EB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 04f5dda9f04acca944a776f968e5950dc1524aef7841bfc222ca79df9a933293
                                    • Instruction ID: 0bea4dc00ad25e64c5138a62696ededc4aeddebea0f5a3bac98734cbb960ff55
                                    • Opcode Fuzzy Hash: 04f5dda9f04acca944a776f968e5950dc1524aef7841bfc222ca79df9a933293
                                    • Instruction Fuzzy Hash: 0F41B0B16007019FD724DF24D580A22B7F5FFC9318B20AA7DE74AA6A52E731E845CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8b7fcccac2518c49d404392bf6ff8229fbf1adda6b27c96d3ee04142d35f5367
                                    • Instruction ID: 0a762d91c935892e2249d69a0ff16b44700321171637d8081f8ac2e09304da16
                                    • Opcode Fuzzy Hash: 8b7fcccac2518c49d404392bf6ff8229fbf1adda6b27c96d3ee04142d35f5367
                                    • Instruction Fuzzy Hash: D1418C31981218CFCB10DF68E8917A97BB1BB193A4F182169D412BB391DB34A940DFA1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 67c10963e7dac23b36381e6503fdd5831a8aa601edfc40164d0160b7bad9e2fe
                                    • Instruction ID: 34e34b8ab98d2b2ab12d0fa0d405c24522870de42d9d8edf987307222ab537ef
                                    • Opcode Fuzzy Hash: 67c10963e7dac23b36381e6503fdd5831a8aa601edfc40164d0160b7bad9e2fe
                                    • Instruction Fuzzy Hash: A141F531A01205CBCB14DF58EA81A9EB7F6FB85714F24912EE9017B651CB75FC41DBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 42c9f5d139a3c8c1f5069623a98bad01a405c8447ed5d3605a2674ba12ec4875
                                    • Instruction ID: 174f13b671981ef17987f31e79816e7a8c77b4ab471de9a9d6919f44b2d6899c
                                    • Opcode Fuzzy Hash: 42c9f5d139a3c8c1f5069623a98bad01a405c8447ed5d3605a2674ba12ec4875
                                    • Instruction Fuzzy Hash: 6F418C315087169ED311DF649941B6BBBE8AF84B94F001A2AF984E7250EB30DE048BA3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                    • Instruction ID: 40e5e42da173a27d7e6842cc89b36cdea5132842a04f75bed81ab0e08ffdd5e3
                                    • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                    • Instruction Fuzzy Hash: 73413C31B00211DBDF24DE549D487BABBA1EB90758F19A07AE885BF240D7318DC0DF91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4b72e08196204d281b6f3976246a777dda7ab4a3f54f228cb18ab195847ddf77
                                    • Instruction ID: 81acb4cd3677151251d3f7a46fcc0f66c02b58f2c6677d9e840de53bc21e9197
                                    • Opcode Fuzzy Hash: 4b72e08196204d281b6f3976246a777dda7ab4a3f54f228cb18ab195847ddf77
                                    • Instruction Fuzzy Hash: D3417971600700EFD721CF18E841B66B7E4FF88314F24992AEA49EB252E771ED42DB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                    • Instruction ID: 2552836eb731504d159d8a30572553b287477ef27aadadc088a09db00cf5273d
                                    • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                    • Instruction Fuzzy Hash: 38413971A00605EFDB28DF98C980AAAB7F4FF08714B20996EE55AE7251D330FA44CF50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8dd6d333b8c9dac3da59d70eb66562699bedcf9ba838afbb4e47db67b782e75a
                                    • Instruction ID: f6daca4394574ff38f29d8faf62f6a31bb35d0060f164e8b98a9148b38906ead
                                    • Opcode Fuzzy Hash: 8dd6d333b8c9dac3da59d70eb66562699bedcf9ba838afbb4e47db67b782e75a
                                    • Instruction Fuzzy Hash: 3141E270901704DFCB21EF24E901765B7F2FF48324F6195AEE606AB2A1DB30A941DB51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3111646126d1ea2187b72738aab5fecd00db3f706da48321df733bf3e701a26b
                                    • Instruction ID: 3ca6a9e93273fa6a78e0ff11ead6fcec943fe877e731b3984132e0e23332c7b5
                                    • Opcode Fuzzy Hash: 3111646126d1ea2187b72738aab5fecd00db3f706da48321df733bf3e701a26b
                                    • Instruction Fuzzy Hash: E73197B2A00245DFDB51CFA8C441799BBF4FB49728F2085AEE119EB291D732D902DB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8563494eef24b79f530d7d8b56dfc5b9aefde8dbe4fee3294f89e34e4f6dd41
                                    • Instruction ID: c3f9983c2dd83eb47fc5261e623c18c50df9bb8c502e3cc45e9759fe2d68d233
                                    • Opcode Fuzzy Hash: c8563494eef24b79f530d7d8b56dfc5b9aefde8dbe4fee3294f89e34e4f6dd41
                                    • Instruction Fuzzy Hash: BD417E725083549BD320DF28C845F9BBBE8FF88764F009A2EF598E7291D7709905CB92
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1aa5daf1704352abb076dd1c41a5fc9e1740772bcd344dd377f5a28bb8c0948d
                                    • Instruction ID: 4d0cb09dab09ea352ca29f86503e3a9ae79678d5e8a29a76f9403862ab3e2ded
                                    • Opcode Fuzzy Hash: 1aa5daf1704352abb076dd1c41a5fc9e1740772bcd344dd377f5a28bb8c0948d
                                    • Instruction Fuzzy Hash: FD41E171A06715AFCB00DF14CA446A9BBF1BF44764F20A229F815B7280DB34ED42CBD0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44bf67b9e6ba8a44a1fe9bf39103423c0be5b1d3bb09119d5cc3667e36255505
                                    • Instruction ID: 1ae3309b4b7535fe00433b379c0c2afc1b6c9fe41572bede844277b542caad0f
                                    • Opcode Fuzzy Hash: 44bf67b9e6ba8a44a1fe9bf39103423c0be5b1d3bb09119d5cc3667e36255505
                                    • Instruction Fuzzy Hash: 4A41BF726047519FC320DF68C941FAAB3E9AFC8700F140A2DF899A7691E731ED15C7A6
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 911cf2313d7898adf129687c22d3c76e56f15fa4a16a963a661e4fef92ed1035
                                    • Instruction ID: b59a1131ddef41d81ac7f0db131346bf4e7ca45b168605a3ff5d62814b408338
                                    • Opcode Fuzzy Hash: 911cf2313d7898adf129687c22d3c76e56f15fa4a16a963a661e4fef92ed1035
                                    • Instruction Fuzzy Hash: FC41C0B13003028BD725DF28E884B27B7E6AFC1368F14542DEA41AB2A1DB30DD05DA51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 568595c89f07a2e949fc74fe50f2c44e073ae273db6bf228358613c2547ebb54
                                    • Instruction ID: 69fb9c242742bee003a7825cce11f73fb2cb9a72a194ba2b4273e17893ac7342
                                    • Opcode Fuzzy Hash: 568595c89f07a2e949fc74fe50f2c44e073ae273db6bf228358613c2547ebb54
                                    • Instruction Fuzzy Hash: B5418F71A017058FCB14CF69CA8499DFBF1BF88324F20A56AE466B7250DB349D41CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                    • Instruction ID: 920c8b5bfc58c7128322a71914d8dd743d8ebb6b63f89938bbfb448ba5c14765
                                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                    • Instruction Fuzzy Hash: 63312631A01244AFDB128B68CC44BDEBBE9AF04350F0455A5F819FB392C6B49988CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b9058ae6933026b17a651b6021df812f4eeb64ec2a087430fc89a3e36a8804f
                                    • Instruction ID: 82cc0434e90606258ced1d05b7305145fc31fa1e42a54eef2af6570f900ce610
                                    • Opcode Fuzzy Hash: 3b9058ae6933026b17a651b6021df812f4eeb64ec2a087430fc89a3e36a8804f
                                    • Instruction Fuzzy Hash: 9031B631750759ABD726AFA59C52FAB77E8AB48B50F101028B600BB3D1DAA4DD0487A0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fa8d815e1b99b9493d333ca685f71c315a40ac7b80bba533a8c1da3af0b815f9
                                    • Instruction ID: 75158c2ba862ebe46d9383d5d9f96f6ccfbc4b7fc4379a379675209245e05b6f
                                    • Opcode Fuzzy Hash: fa8d815e1b99b9493d333ca685f71c315a40ac7b80bba533a8c1da3af0b815f9
                                    • Instruction Fuzzy Hash: D13106B22052049FC320DF19D880E77B3F6FB85364F06A46DEA95AB2A1D730EC01DB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aa2937f23345442e45089afd65e352f3d6e7c2fd9943c713ee5049e067c9f069
                                    • Instruction ID: e6163c9906de948366b5f40df0908fef01694550b0f02bb8d611f389aac34ff7
                                    • Opcode Fuzzy Hash: aa2937f23345442e45089afd65e352f3d6e7c2fd9943c713ee5049e067c9f069
                                    • Instruction Fuzzy Hash: 9931ADB12052099FD720DF29C880A7BB3E5FB84724F05696DFA55EB291E730ED04DB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 32fcdd9195e7017491d61b807f9b2aae44b578da1c0e3f74316b28ec8d4ec09f
                                    • Instruction ID: 5d0c702296a913f308db849a31a40aa767784f0cb3b836b5a6ff7422ab5246b9
                                    • Opcode Fuzzy Hash: 32fcdd9195e7017491d61b807f9b2aae44b578da1c0e3f74316b28ec8d4ec09f
                                    • Instruction Fuzzy Hash: B731D076E0021AABDB15DF98CC41BAEB3B5EB48B40F414168F904EB281D770ED10DBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f76cd9c486b64cf85e94339883b9f635e3ee97dc3413fb60718fde3cf2093e9b
                                    • Instruction ID: 985eaec71ffeea7fa53c8de00876baf995c2d0988c9c3e85f92ccf9d409d5ed1
                                    • Opcode Fuzzy Hash: f76cd9c486b64cf85e94339883b9f635e3ee97dc3413fb60718fde3cf2093e9b
                                    • Instruction Fuzzy Hash: 0E317076A4016DABCB21DF55DC89BDEB7FAAB98310F1000A5B908B7251CA31DE91CF90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 12f4c791e8e0b5a8cacc9f2455b0ef7bd2bbad35481e7075d320945804c7871a
                                    • Instruction ID: 27c4d49402e8626852b6a5b5797b3dc8656b907d159f46572bf69438577d3a5d
                                    • Opcode Fuzzy Hash: 12f4c791e8e0b5a8cacc9f2455b0ef7bd2bbad35481e7075d320945804c7871a
                                    • Instruction Fuzzy Hash: D931CF76E40218AFCB31DFA9D840BAFB7F9EF08790F114466E816F7290D6709E009B90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0ae999bf904a81201bbb04158a2a462d360aa14232524179f308aa9a81d96200
                                    • Instruction ID: 002a60183c13ab64ad3a416832149b1e707ad2fa59e50e77e2173b1accdf2d1d
                                    • Opcode Fuzzy Hash: 0ae999bf904a81201bbb04158a2a462d360aa14232524179f308aa9a81d96200
                                    • Instruction Fuzzy Hash: 5331D672B40615AFD712DF68CC51B6AB7F5AF44764F100069F505EB392DA30ED11B790
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b541beea5f284f14925173cf9526278dcfafaf3bfdb4604c14cedd59929a4e1
                                    • Instruction ID: e0c7e59bc3d8d88942aa44e8a423d5a2fbfdc863799cb6ee0599b9ead068e557
                                    • Opcode Fuzzy Hash: 5b541beea5f284f14925173cf9526278dcfafaf3bfdb4604c14cedd59929a4e1
                                    • Instruction Fuzzy Hash: 7D310532A04751DBC71ADE24A980EABBBE5AFD8360F016539FE55B7311DA30DC0097E1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a82f2aebaab89686330ac2851508882ae142b4284dc8b6a9491ce2a03bf1bdb5
                                    • Instruction ID: 5e9883989aed2577f1d2098e5f4434c4bfab6135721d94969c86ca4bf9280917
                                    • Opcode Fuzzy Hash: a82f2aebaab89686330ac2851508882ae142b4284dc8b6a9491ce2a03bf1bdb5
                                    • Instruction Fuzzy Hash: 333187B16093018FD320CF19C980B2AB7E4AB88704F15596EE998AB391DB74EC44CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                    • Instruction ID: f643f9f2e3138033614356a3e58270e55115c9fc3ad94aadfe44b2de101dcf54
                                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                    • Instruction Fuzzy Hash: 7D312C72B00B00AFD768CF69DD41B5BB7F8AB48754F18593EE59EE3650E630E9008B61
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0670f762da1ed3e005e554acba2dfa2719b55a101515c1fb29f310cccca74a9b
                                    • Instruction ID: c2d7be6351c38b4088ba69a34744b8729f304947f3dc1680a83d28746ae04db6
                                    • Opcode Fuzzy Hash: 0670f762da1ed3e005e554acba2dfa2719b55a101515c1fb29f310cccca74a9b
                                    • Instruction Fuzzy Hash: 8D3169B16093859FC710DF19C54195ABBF1FB8A318F1499AEE888AB351D331DE04DB92
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b49ed5208296ca2318d53cfc5cd38a9522dedce9665418c3ea4c86f6157634bb
                                    • Instruction ID: cc129a30e5218fb85b23ae69bc4e9eace41b77a47248bcb42868109883466795
                                    • Opcode Fuzzy Hash: b49ed5208296ca2318d53cfc5cd38a9522dedce9665418c3ea4c86f6157634bb
                                    • Instruction Fuzzy Hash: 3831E272B402059FC714EFA8D982B6EB7FAAF84384F109529E455F7291DB30ED45CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6908261bf04dc3b79951070e19332f6baaf620bca73599c02b69478c120a0b47
                                    • Instruction ID: 95590a478d44cae28c1cfb511e46cfa5023aab626408bf2bcb974dcaf268ac56
                                    • Opcode Fuzzy Hash: 6908261bf04dc3b79951070e19332f6baaf620bca73599c02b69478c120a0b47
                                    • Instruction Fuzzy Hash: D6118B32241240EFCB16EF58D981F96B7B8FF48B94F241065F905AB7A2C235ED01CAA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2868dbfa1b5c992b804653955663dbeaaef0dccf9cb5e5bc2c5021c17628e1c3
                                    • Instruction ID: b9b06aff0382604a2fd8450a0282a7ac27dfc085b60630ccd5c3f805acde5d50
                                    • Opcode Fuzzy Hash: 2868dbfa1b5c992b804653955663dbeaaef0dccf9cb5e5bc2c5021c17628e1c3
                                    • Instruction Fuzzy Hash: F8115E71A42218ABDB25AB64CD42FE9B3B4AB04714F505198B31CB60E1D7709E81CF95
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                    • Instruction ID: 49aaecfd423e824211f075530edde1b2dec1a528e5674f2413bd8932d2def7c9
                                    • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                    • Instruction Fuzzy Hash: EC0147326001008BDF149E29E880B92B7AABFD4704F9564A9FE01EF286EA71DC81D390
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13a166b33ee089e7b54dd4344e727e7477636c9d0021bfa554147e44440c0033
                                    • Instruction ID: e488e30d8f912ba0810821492162c9b94b50519c51b921b0504df572bec7704d
                                    • Opcode Fuzzy Hash: 13a166b33ee089e7b54dd4344e727e7477636c9d0021bfa554147e44440c0033
                                    • Instruction Fuzzy Hash: 5F111B73900019ABCB11DB94CD81EDFBBBCEF48358F044166E906B7211EA34AA15CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 85fabf24c845091fe3182168f236e707e517cb26e77a7562cc57201f27a22b28
                                    • Instruction ID: bfbd045902a8ec480a717e301abe27f7763d2a523acaab22c126ceaac57f6a89
                                    • Opcode Fuzzy Hash: 85fabf24c845091fe3182168f236e707e517cb26e77a7562cc57201f27a22b28
                                    • Instruction Fuzzy Hash: 891104326041469FC300CF58E800BA6B7BAFF9A314F08855AE848DF311D732EC81CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d77f8f043d185dcb121742519924be4595ea4faaed157026fd08ffe0ec89ac17
                                    • Instruction ID: e623f484eb9c158712b5b3233c115eb444f1806762f0e566f7d3761cc94ae176
                                    • Opcode Fuzzy Hash: d77f8f043d185dcb121742519924be4595ea4faaed157026fd08ffe0ec89ac17
                                    • Instruction Fuzzy Hash: 9711E8B1A002199BCB04DFA9D541AAEB7F8EF48750F10406AF909F7351D674EE018BA4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 12dabf7b4d04381253c280172f1c77458db5584aa2c0c3bf794822359ef57a23
                                    • Instruction ID: d95e2aea4767ab85422b0d362c3c42be9397eb5c1280d6bbe6e91a23909d2818
                                    • Opcode Fuzzy Hash: 12dabf7b4d04381253c280172f1c77458db5584aa2c0c3bf794822359ef57a23
                                    • Instruction Fuzzy Hash: CD01B1311402549BC721AF22844197ABBE9FF527A5B14683EF6597B311CB219C41DB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 683295f096336e215d9bc51e7c0a582c859fffa167f6b1ea8b2347c4ad997fe9
                                    • Instruction ID: c82281bc3ba855ab0115b27ea81a723bfb3970ab69b83a6870b9d7ccce94befa
                                    • Opcode Fuzzy Hash: 683295f096336e215d9bc51e7c0a582c859fffa167f6b1ea8b2347c4ad997fe9
                                    • Instruction Fuzzy Hash: B411C071A0220CAFCF04EFA4C855FAE7BB6EB44340F104059FA09A7290E735EE01CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                    • Instruction ID: 41d15dcf36f98a641d56c432f5d90a052a7a4dc76695c0643a95501ec85db55c
                                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                    • Instruction Fuzzy Hash: 2601F532204744DFDF229666D804BA777F9FFC4354F15A819A986AB540DA70E842CB60
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a1a207192e234fb5c4cebdc2258ae0af5707a0cf79494f0e0663729b497ce1d
                                    • Instruction ID: 28b7efeeca125dfbf6bb6740d9dd7040f0d2ceeb9b9efa0b18fdbceb72221f73
                                    • Opcode Fuzzy Hash: 1a1a207192e234fb5c4cebdc2258ae0af5707a0cf79494f0e0663729b497ce1d
                                    • Instruction Fuzzy Hash: 2201A771601504BFC311AB79CD41E57B7ECFF897A5B001929B605A3562DB24EC05C6F0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9909e93dd03d6eaba9d45fea0a5b666585ec1052b28a58e1ab89fffb269a4b37
                                    • Instruction ID: f3cec2655706eea2598e8675a210fd19e16922486fed61f966f0ec470b57360b
                                    • Opcode Fuzzy Hash: 9909e93dd03d6eaba9d45fea0a5b666585ec1052b28a58e1ab89fffb269a4b37
                                    • Instruction Fuzzy Hash: C4014C322142019BC320EF78C8499A7F7F8EF48764F21552AF959A72D0E7309D06C7D1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 618d04dd207027e7bb2766e41e5e6234f7a280d89f6bdc5f6de4bf95cb20f19d
                                    • Instruction ID: d7b281687742a887f0e2f3a00bea0530034e2f36a5488711d365c415ed1c2c7e
                                    • Opcode Fuzzy Hash: 618d04dd207027e7bb2766e41e5e6234f7a280d89f6bdc5f6de4bf95cb20f19d
                                    • Instruction Fuzzy Hash: F8118B70A0020CABCB08EFA4C951EEE7BB5FB48344F108059F919A7390DA35EE12CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 43bdbd41cb9138cdf906a68a53aa1cdb00eb43ceaf4d556eadb2b62073cf6530
                                    • Instruction ID: 1c82f347a8b1decb0246ae10ac88dafc00c71effc42a1f1c79726d8547410da3
                                    • Opcode Fuzzy Hash: 43bdbd41cb9138cdf906a68a53aa1cdb00eb43ceaf4d556eadb2b62073cf6530
                                    • Instruction Fuzzy Hash: E311A1B16043089FC700DF69C442A9BBBF4EF88710F00851EF998D7391E630E901CB92
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                    • Instruction ID: 25d0b261ff7a0b743e984300ce7c3eacd79eafa69c10f9384df89823a8fad868
                                    • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                    • Instruction Fuzzy Hash: 770124326406019FDB258E69D841FD6B7EAFFC1310F054819F542CB690DAB8F881D790
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f4f0c2ef0b730906ef50f843d4fa3db34df5081584e211fe8bfc74c1a7c786bd
                                    • Instruction ID: 427f1caa31c061c0ecc448a76e970b58e8ec6b2d91a61b988daafdea72744dfc
                                    • Opcode Fuzzy Hash: f4f0c2ef0b730906ef50f843d4fa3db34df5081584e211fe8bfc74c1a7c786bd
                                    • Instruction Fuzzy Hash: 1B118EB16043089FC300DF69C441A4BBBF4EF89750F00451EF958D73A1E630E901CB92
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                    • Instruction ID: 0df9979137629f609bd1ceb2b7579809fa58bd7f563bdc2633ceb119bed2dfb4
                                    • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                    • Instruction Fuzzy Hash: 72017C32200680DFD726CA1DC948F6677E8EB44754F0918A5F805EB6D2D668DE40C621
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 383fb915c1e17f65fd4a9afc046c1ae6c3d58fa6492cde9f4976b8618a31c601
                                    • Instruction ID: 6c379fb4b6c70e8e63c37b98e3424a0016a5b27793c71613b8c9b1830a59708c
                                    • Opcode Fuzzy Hash: 383fb915c1e17f65fd4a9afc046c1ae6c3d58fa6492cde9f4976b8618a31c601
                                    • Instruction Fuzzy Hash: C9018431710608DBC704EB6ADE15AAF7BE9EF81724F155069B905B7662DE20DD02C690
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: df7ccde3251c58b7c166ea75e7d64aa1955a4bd886cd962cead726049e86eabc
                                    • Instruction ID: 0a98883bee6301f83143aedaa2b04b9eb00b493bc50a8112f0ab3f94693e1244
                                    • Opcode Fuzzy Hash: df7ccde3251c58b7c166ea75e7d64aa1955a4bd886cd962cead726049e86eabc
                                    • Instruction Fuzzy Hash: 98F0AF716053049FC314EF68C942E1BB7E4EF88710F50565EB898EB391E635EA01C796
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                    • Instruction ID: 101e17a2f139f7675c3e1831a9c1cf5bfeed89f9618dc6c57df2808acae138b5
                                    • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                    • Instruction Fuzzy Hash: FBF05E337116119BD3359A59CD81F16B3A8EFC5B60F6D1469BA04BB360C762EC02C7E0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                    • Instruction ID: fef2884c4a39e2e86f1f576e2990d4369b9607bc99e9afbfc30afe6f9da7f2a6
                                    • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                    • Instruction Fuzzy Hash: B0F0B4B2610204EFE718DB21CC05F96B6E9EF98340F14C4789949E7261FAB0EE01D655
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b0a2806bfb666380d5979d34182e803120f4c6b50df87a68095558835529d623
                                    • Instruction ID: 3afb181d9ed646d36626ed28780b314803c4b575b510ebaeba2dde7958c6c8ca
                                    • Opcode Fuzzy Hash: b0a2806bfb666380d5979d34182e803120f4c6b50df87a68095558835529d623
                                    • Instruction Fuzzy Hash: F3F04F70A012499FCB04EFA9C516E9EB7F4EF48300F108159B959EB395DA34EA01CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 870b0ab88b1308baf15117b93f363df0683f1268f79dc36aad167c9f4cc2eb53
                                    • Instruction ID: bddaa0b344c64b6dd8ddc9f37cf6a3395cdd4d43f5c69f2ef026fdd4570cfb7a
                                    • Opcode Fuzzy Hash: 870b0ab88b1308baf15117b93f363df0683f1268f79dc36aad167c9f4cc2eb53
                                    • Instruction Fuzzy Hash: D0F024B1B023D08FD739CB58E004B61B7C49B08728F0868AAF489A3981C375DC80C600
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44a5ac50faa491ae8c8ba46220734147bf690d1e739b569eb6e3d35a2c21e0e9
                                    • Instruction ID: 4fd7c3b7a5db41548fa559d9f72c21b0fad6c555aeb71d36877a1355d9d94c97
                                    • Opcode Fuzzy Hash: 44a5ac50faa491ae8c8ba46220734147bf690d1e739b569eb6e3d35a2c21e0e9
                                    • Instruction Fuzzy Hash: 39F0273681AA8856CB315B287C523A17BA79741334F0A2085D4A4A7253C9748C83F224
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0227481fa7697f0b473f300319163ba61af3ad435e35cdcfabfa551bbf91d301
                                    • Instruction ID: aec2f86e28862395518eff410b1871783844921851cfeaefbbd4a280cfb92554
                                    • Opcode Fuzzy Hash: 0227481fa7697f0b473f300319163ba61af3ad435e35cdcfabfa551bbf91d301
                                    • Instruction Fuzzy Hash: B7F0E2715116509FC3229798C1C8B91B3DCAB40FA9F39F4ADD80EA7512C364DC82CA90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                    • Instruction ID: a05728f6153dcb796e99e7190023b2aa5519908cd1f1e5d4047c38802eea136d
                                    • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                    • Instruction Fuzzy Hash: 9CE09272300A402BD712AE998C81F5777AE9F82B10F04047DBA086E252CAE29D0983A4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                    • Instruction ID: 9c6dfa4baca67ffea7831e00f763156746577fdcbd3014593073eca2a4500060
                                    • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                    • Instruction Fuzzy Hash: 7BF0E572100204DFE3308F05D840F92B7E8EB05368F11C02AE608AB260D339EC41CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                    • Instruction ID: 374b7ee13095cbbc028ae0175575dd3767d695271654b0299531de0ef42a61c5
                                    • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                    • Instruction Fuzzy Hash: FAF0E5392043449FDB19EF15D040AE57BE4EB41350B102465FE429B301E731FD91CB41
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                    • Instruction ID: 2bbbcd7cef8d1ed70fb940831cee53bf97a4c74875d61d8284e115ffc4d660f3
                                    • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                    • Instruction Fuzzy Hash: 40E0D873694584ABC3231A559801B6A77E5DBD07A0F159429F508AB1E0FB70DC40D7D8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e15d387f31cceae9c85e1e492db4635ea91cab56ce8465eaa647b001a8829063
                                    • Instruction ID: d3eec78b02a6bb52ef71472cdb962e81b07904ef206065b6968c929d326b2fd1
                                    • Opcode Fuzzy Hash: e15d387f31cceae9c85e1e492db4635ea91cab56ce8465eaa647b001a8829063
                                    • Instruction Fuzzy Hash: F0F0E531D255905FD773D728D550BD173E0AB90734F1A1994E408E7911C324FCC0D650
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                    • Instruction ID: b3e57b12c481028a804f6738f967bfaed397dc71590f9437269f5d517a3c3591
                                    • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                    • Instruction Fuzzy Hash: 06E0DF72A00164BBDB22A79A8D02F9ABAACDB94FA4F050056BA00F70D0D630EE00C690
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                    • Instruction ID: 39f4c1a7a6550ab3c842391912de3c2a11fef61352c82956dbf61b722b0bc16a
                                    • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                    • Instruction Fuzzy Hash: 95E09B32A443508BCB288A29C541BD3B7E8EFA9774F258069D90547612C671FCC2E6D0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                    • Instruction ID: 4c8a3d98ced644ecc4234718de29e9dfdc605c50bddf2f6adb16dbc094ec6ad4
                                    • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                    • Instruction Fuzzy Hash: 67E09A31010A10DFD7326F26D809B62BBE0AF40755F18AC2CB1AE369B1C7B5ACC0CB40
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                    • Instruction ID: 0a0fc7e2a1702f2e616405e65eb9556a6eabb9f795f1c669c9cb69a651387e25
                                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                    • Instruction Fuzzy Hash: 42C04C757015418FCF15DB29D294F4577F4F744745F151890F945DB721E624ED05CA10
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b04e49a53d8fec82906e9b3ae716e7f2a8302daa796385def588c3f2e459e23
                                    • Instruction ID: 531662315c0c7e9923736595dcdf021bec735a7bc77dd003ddaaeb13ebb69dd1
                                    • Opcode Fuzzy Hash: 5b04e49a53d8fec82906e9b3ae716e7f2a8302daa796385def588c3f2e459e23
                                    • Instruction Fuzzy Hash: 2790023160580012968071584985546400597E1301B55D022E0429555C8E548A565365
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2818861ac2968c853418557837f063763481966434ae56452707fe0a4f5a2b68
                                    • Instruction ID: 97a592f32952ff208aa22b9ea8b91d6e2314ba4663f05e796a01288645181ca6
                                    • Opcode Fuzzy Hash: 2818861ac2968c853418557837f063763481966434ae56452707fe0a4f5a2b68
                                    • Instruction Fuzzy Hash: 0D90027160150042468071584905406600597E2301395D126A0559561C8A588955926D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2a50319d378386e44d7dc5ae2126ac799503e5aea294f6c6bb9c260c0f320e26
                                    • Instruction ID: 05a816ce3e30a012faf604d039fd10122e1c512804cc5fa1ab0e16aec3764f7a
                                    • Opcode Fuzzy Hash: 2a50319d378386e44d7dc5ae2126ac799503e5aea294f6c6bb9c260c0f320e26
                                    • Instruction Fuzzy Hash: EF900235221400020685B558070550B044597D7351395D026F141B591CCA6189655325
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3c811f2c6fa8a8a94d58099f87d3bcccb43e802474518e04a20774a48954cd13
                                    • Instruction ID: 070308c41b80a0388edaa88ecdb146270f30a4e2028e1d2609224898d53040d6
                                    • Opcode Fuzzy Hash: 3c811f2c6fa8a8a94d58099f87d3bcccb43e802474518e04a20774a48954cd13
                                    • Instruction Fuzzy Hash: C3900435311400030745F55C07055070047C7D7351355D033F101F551CDF71CD715135
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb4a0e4902c2627efd69b8031e5508477fd7370c5215d81d0e916b5cc2cee5f3
                                    • Instruction ID: e5ab0e9af8f130eaa6b90249d600394ff8cc25b629dc5013b9e3f682cabde7b1
                                    • Opcode Fuzzy Hash: fb4a0e4902c2627efd69b8031e5508477fd7370c5215d81d0e916b5cc2cee5f3
                                    • Instruction Fuzzy Hash: B59002B1201540924A40B2588505B0A450587E1301B55D027E1059561CC96589519139
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d75e4dfe5e0516fefa85a1a69c7e599925e376688f5ae1cebf6e811093b98d91
                                    • Instruction ID: af18785dd10ccb7e7b306caa6d2148afb93f66ec6ddef99bea8e0c18858d781c
                                    • Opcode Fuzzy Hash: d75e4dfe5e0516fefa85a1a69c7e599925e376688f5ae1cebf6e811093b98d91
                                    • Instruction Fuzzy Hash: 6A90023120544842D68071584505A46001587D1305F55D022A0069695D9A658E55B665
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9e96a786f8eab1d6ed9e29f5a8f1e7d6246bd685a32575caa2c4389937433ec1
                                    • Instruction ID: e6f796242dec55ff5c92f7caaf71eb97817aa320f98b874409064a93856d26ee
                                    • Opcode Fuzzy Hash: 9e96a786f8eab1d6ed9e29f5a8f1e7d6246bd685a32575caa2c4389937433ec1
                                    • Instruction Fuzzy Hash: F990023120140802D6C07158450564A000587D2301F95D026A002A655DCE558B5977A5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e32c5bd50de24b58f3ebfde429aaf9bef0e726aa8b189bf24f5834df333ee3fc
                                    • Instruction ID: 603312a734fb3abc3af5540bd1959efdfdb4030c06fa541fb1043132cd1adb93
                                    • Opcode Fuzzy Hash: e32c5bd50de24b58f3ebfde429aaf9bef0e726aa8b189bf24f5834df333ee3fc
                                    • Instruction Fuzzy Hash: 0A90023160540802D69071584515746000587D1301F55D022A0029655D8B958B5576A5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 466c69370159be48382dec930078c227643af2e2980a516d2700871b71409ae6
                                    • Instruction ID: 67bde2ed5dfa34aa869fe902219dce103b176cf7d7813a5d5ce7ea9b7db0df06
                                    • Opcode Fuzzy Hash: 466c69370159be48382dec930078c227643af2e2980a516d2700871b71409ae6
                                    • Instruction Fuzzy Hash: B990023120140802D64471584905686000587D1301F55D022A6029656E9AA589917135
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 417617a81bbcb1b584c637da9822a37bd0eeda1d2d3269e2958adbe6928815c7
                                    • Instruction ID: fd979ad9ff17be29246dd75f85f1ee22f159ba243546f09180cba188408c0777
                                    • Opcode Fuzzy Hash: 417617a81bbcb1b584c637da9822a37bd0eeda1d2d3269e2958adbe6928815c7
                                    • Instruction Fuzzy Hash: 8B90023120140403D64071585609707000587D1301F55E422A0429559DDA9689516125
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c68f151a9858a5d05d4891aa786d9437d616be5465f87d74081a24ab525fc2fa
                                    • Instruction ID: 544357d8f563292eaa6282b7bcac1b9bec3dd80938a12ad0b0c1a1b25c08a70b
                                    • Opcode Fuzzy Hash: c68f151a9858a5d05d4891aa786d9437d616be5465f87d74081a24ab525fc2fa
                                    • Instruction Fuzzy Hash: 0190023160540402D68071585519706001587D1301F55E022A0029555DCA998B5566A5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 69dc4e8ed690688b081518d30be74c260cbe61fdd113b8d5d8a0722ab401df0a
                                    • Instruction ID: c43dc6f6724f67cf495f47787e297e9343229406be921f9cb8596aa0fb28a7bc
                                    • Opcode Fuzzy Hash: 69dc4e8ed690688b081518d30be74c260cbe61fdd113b8d5d8a0722ab401df0a
                                    • Instruction Fuzzy Hash: 9890023120140402D64075985509646000587E1301F55E022A5029556ECAA589916135
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 41f3df880035dc7f173356a8d9261bfd6786715f01abe9e1405b26667caddd7c
                                    • Instruction ID: 7e983191c392021fcb265d6910eac50b3da5bb867814556ccd66f021c0da53ef
                                    • Opcode Fuzzy Hash: 41f3df880035dc7f173356a8d9261bfd6786715f01abe9e1405b26667caddd7c
                                    • Instruction Fuzzy Hash: 7890023120140842D64071584505B46000587E1301F55D027A0129655D8A55C9517525
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f9738334d746263225e2a310d92a2fd57d470b10f39e1b50d39c0b5cb45b73ce
                                    • Instruction ID: b37c3256926e5e24a186727240cf49b0b1b46d21c79d77ce4bb9cca47d551021
                                    • Opcode Fuzzy Hash: f9738334d746263225e2a310d92a2fd57d470b10f39e1b50d39c0b5cb45b73ce
                                    • Instruction Fuzzy Hash: C4900231242441525A85B1584505507400697E1341795D023A1419951C89669956D625
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8de0a67c2e85bd0df599c04a9b85420a0fa5aef66007f0d855167bc17e69d06b
                                    • Instruction ID: 1bee2ed16be1dc51c12d44f9868e73d6103852ce447dd7bae3edf32028c57ea0
                                    • Opcode Fuzzy Hash: 8de0a67c2e85bd0df599c04a9b85420a0fa5aef66007f0d855167bc17e69d06b
                                    • Instruction Fuzzy Hash: 4090023124140402D68171584505606000997D1341F95D023A0429555E8A958B56AA65
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9c3c69bf56dde13771d9709bcaf0fb45eb4823020f9dba3571ecc73b8d66c6c9
                                    • Instruction ID: 9d6e993e438c8397358853605d4ca67ee948c487d5763c0bc7bcab55a2e343d5
                                    • Opcode Fuzzy Hash: 9c3c69bf56dde13771d9709bcaf0fb45eb4823020f9dba3571ecc73b8d66c6c9
                                    • Instruction Fuzzy Hash: 5090023130140003D680715855196064005D7E2301F55E022E0419555CDD5589565226
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bdebd6e2ca046951ed81d80226634a271ae9d41bf55f1ec1f32b8835d41be825
                                    • Instruction ID: 7ff662d933de8a36c930598540a739dc5ac184bedf7080a909991393f8bca1d6
                                    • Opcode Fuzzy Hash: bdebd6e2ca046951ed81d80226634a271ae9d41bf55f1ec1f32b8835d41be825
                                    • Instruction Fuzzy Hash: 1A90023120544442D64075585509A06000587D1305F55E022A1069596DCA758951A135
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aa8b6aef2298572c2936526d01f6e3f767929e09316b46eceedd2c0fd3739678
                                    • Instruction ID: a307bc3b4a70fa1f79b97a5e04c14c4c86c652be207d6b13bcc2503842611048
                                    • Opcode Fuzzy Hash: aa8b6aef2298572c2936526d01f6e3f767929e09316b46eceedd2c0fd3739678
                                    • Instruction Fuzzy Hash: ED90023921340002D6C07158550960A000587D2302F95E426A001A559CCD5589695325
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dd21970e504a1d59275ce53b5a7c737ea929221ab8e607d4ec35e1c19a13bc40
                                    • Instruction ID: 2ff462e938c0c6fb2b737f295bec0885ef652180ef0125ee4a5585d1cd3a1afe
                                    • Opcode Fuzzy Hash: dd21970e504a1d59275ce53b5a7c737ea929221ab8e607d4ec35e1c19a13bc40
                                    • Instruction Fuzzy Hash: E690027120180403D68075584905607000587D1302F55D022A2069556E8E698D516139
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 92a55ed536a9c30f4d75544802170deaa1781d6eafa667bd835327a4efc53b84
                                    • Instruction ID: 131533b5a18941e2863c6f4fe05c472c7b3d10f2c000bc15c4424b740dc36f92
                                    • Opcode Fuzzy Hash: 92a55ed536a9c30f4d75544802170deaa1781d6eafa667bd835327a4efc53b84
                                    • Instruction Fuzzy Hash: 8C90027120140402D68071584505746000587D1301F55D022A5069555E8A998ED56669
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5d1978a6f58020279cdd21aea11903118fbbb82119eb123fafff6f10d5424167
                                    • Instruction ID: 191f7784ccd701262b585a1f6790060b24f6cd08a4d8ea4cada2098cacc50ea8
                                    • Opcode Fuzzy Hash: 5d1978a6f58020279cdd21aea11903118fbbb82119eb123fafff6f10d5424167
                                    • Instruction Fuzzy Hash: ED90023160140502D64171584505616000A87D1341F95D033A1029556ECE658A92A135
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a5cecce42c1a60cc23a76b58f6c35aa67c790ce2cbaa5ed85bf839a0cdf8511a
                                    • Instruction ID: 52f65e7119e7ff192aa10a93e7b06a070ece33ab38680ab3942aabf5d2534374
                                    • Opcode Fuzzy Hash: a5cecce42c1a60cc23a76b58f6c35aa67c790ce2cbaa5ed85bf839a0cdf8511a
                                    • Instruction Fuzzy Hash: C290023130140402D642715845156060009C7D2345F95D023E1429556D8A658A53A136
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eec4a96e5899a80a5e63416ef5ced8c54d0a6e28e468e1132732d72a2a60dcb9
                                    • Instruction ID: 4f1ac33ada8db783b40193a6b23e9e768a678003de6b430c3a4041e93a84fdd0
                                    • Opcode Fuzzy Hash: eec4a96e5899a80a5e63416ef5ced8c54d0a6e28e468e1132732d72a2a60dcb9
                                    • Instruction Fuzzy Hash: B5900231211C0042D74075684D15B07000587D1303F55D126A0159555CCD5589615525
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 453171bab8e4cc728586bd331365774ae1c447b846c97462b9050c0c479f016f
                                    • Instruction ID: fc8cd0358a3d4562bb5391adb0fabe8e0cba155114f94d7ac878e629bf6a96e5
                                    • Opcode Fuzzy Hash: 453171bab8e4cc728586bd331365774ae1c447b846c97462b9050c0c479f016f
                                    • Instruction Fuzzy Hash: 9590023120180402D64071584909747000587D1302F55D022A5169556E8AA5C9916535
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ce61263d05e7c15c6e6875ffda7ce7d631c521707d09f061fac55ec2abc4495
                                    • Instruction ID: e4d8b46eccdbd623acefd8638c0ccba4b834bc5f4b830d8911fb27370c56f726
                                    • Opcode Fuzzy Hash: 7ce61263d05e7c15c6e6875ffda7ce7d631c521707d09f061fac55ec2abc4495
                                    • Instruction Fuzzy Hash: E4900231601400424680716889459064005ABE2311755D132A099D551D899989655669
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 786517d1f9a66d21994aaf4eacd3a348e6c49686c404ae007dfccac5dc9fdfda
                                    • Instruction ID: f3be456b150e2278d43eba9850357b883d7c085bfced7bfbd0ccae8375f21273
                                    • Opcode Fuzzy Hash: 786517d1f9a66d21994aaf4eacd3a348e6c49686c404ae007dfccac5dc9fdfda
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    Strings
                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00EB46FC
                                    • ExecuteOptions, xrefs: 00EB46A0
                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00EB4742
                                    • Execute=1, xrefs: 00EB4713
                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00EB4655
                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00EB4725
                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 00EB4787
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                    • API String ID: 0-484625025
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-$0$0
                                    • API String ID: 1302938615-699404926
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: %%%u$[$]:%u
                                    • API String ID: 48624451-2819853543
                                    Strings
                                    • RTL: Re-Waiting, xrefs: 00EB031E
                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00EB02BD
                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00EB02E7
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                    • API String ID: 0-2474120054
                                    Strings
                                    • RTL: Re-Waiting, xrefs: 00EB7BAC
                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00EB7B7F
                                    • RTL: Resource at %p, xrefs: 00EB7B8E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 0-871070163
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EB728C
                                    Strings
                                    • RTL: Re-Waiting, xrefs: 00EB72C1
                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00EB7294
                                    • RTL: Resource at %p, xrefs: 00EB72A3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 885266447-605551621
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: %%%u$]:%u
                                    • API String ID: 48624451-3050659472
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-
                                    • API String ID: 1302938615-2137968064
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $$@
                                    • API String ID: 0-1194432280
                                    APIs
                                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 00ECCFBD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1965097852.0000000000E10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_e10000_4N4nldx1wW.jbxd
                                    Similarity
                                    • API ID: CallFilterFunc@8
                                    • String ID: @$@4rw@4rw
                                    • API String ID: 4062629308-2979693914